vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk

author: Andreas Steffen <andreas.steffen@strongswan.org> 2016-09-27 14:42:08 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2016-10-11 17:18:22 +0200
commit: 2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32 (patch)
tree: 127fd795537640f59a3f0ea4712e0046c594e723 /conf
parent: 9ba6548766e69d273884375b5acb2df0b37b3a2c (diff)
download: strongswan-2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32.tar.bz2
strongswan-2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 04e099e12..6e0b37c57 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -30,6 +30,12 @@ charon.cert_cache = yes
 	Whether relations in validated certificate chains should be cached in
 	memory.
 
+charon.cache_crls = no
+	Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+	be saved under a unique file name derived from the public key of the
+	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
+	**/etc/swanctl/x509crl** (vici), respectively.
+
 charon.cisco_unity = no
 	Send Cisco Unity vendor ID payload (IKEv1 only).
author	Andreas Steffen <andreas.steffen@strongswan.org>	2016-09-27 14:42:08 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2016-10-11 17:18:22 +0200
commit	2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32 (patch)
tree	127fd795537640f59a3f0ea4712e0046c594e723 /conf
parent	9ba6548766e69d273884375b5acb2df0b37b3a2c (diff)
download	strongswan-2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32.tar.bz2 strongswan-2a2669ee3e7ec6ba2642cacbfa28ad235e09ac32.tar.xz