I found that with OpenSSL version 0.9.7a (the version included with
Redhat 9), the CRL was not being checked. Thus, certificates that had
been revoked were still verified correctly. This patch sets the
appropriate flags for OpenSSL 0.9.7 and later so that the CRL will be
I have also submitted this patch through the patches section of the
ipsec-tools Sourceforge project page. If there are any questions
regarding this patch, please contact me.
5775 Morehouse Dr.
San Diego, CA 92121