services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation
Certificate revocation policy for CRL or OCSP revocation.
- A
strictrevocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked. ifurifails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.- The default revocation policy
relaxedfails only if a certificate is revoked, i.e. it is explicitly known that it is bad.
StrongSwan default: "relaxed"
- Type
null or one of "strict", "ifuri", "relaxed"- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>