[Swan] Current state of CRL handling?

Nels Lindquist nlindq at maei.ca
Tue Sep 13 15:55:58 UTC 2016

Just wondering what the current state of CRL handling in LibreSWAN is?

I'm running 3.18, and files in /etc/ipsec.d/crls seem to be detected and 
imported by "ipsec auto --rereadcrls", but "ipsec auto --listcrls" shows 

 > ipsec auto --rereadcrls
 > 002   loading crl file 'crl.pem' (1223 bytes)

 > ipsec auto --listcrls
 > 000
 > 000 List of CRLs:

Attempts to import a CRL file into the NSS database using crlutil fail 
with "crlutil: unable to import CRL: SEC_ERROR_CRL_INVALID: New CRL has 
an invalid format."

Nels Lindquist
<nlindq at maei.ca>

More information about the Swan mailing list