[Swan] Is libreswan's OCSP periodically doing checks ?

[Paul Wouters]

On Wed, 25 May 2016, jonetsu wrote:

> Is libreswan's OCSP periodically doing checks to see of the certificate in use is still valid ?  If so, at which frequency ?

Yes, but this was very recently fixed. So you might want to try 3.18rc2.

It used to not re-check when the OCSP was still valid I believe. In the
latest code, I think it uses the refresh time specified in the OCSP
request.

Tuomo should know the gory details,

Paul