The curl plugin is a CRL/OCSP fetcher plugin using the libcurl library. It supports fetching of CRL or OCSP information from file://, http://, https:// and ftp:// URIs.
The plugin is disabled by default and can be enabled by adding --enable-curl to the ./configure options.
Starting with 5.2.1, the curl plugin can fetch over HTTPS if libcurl has been built with an SSL backend.
To use the SSL backend in a multi-threaded environment, that backend must be explicitly initialized before use. The curl plugin does not do that itself, but relies on the appropriate strongSwan crypto plugin for doing so. This implies that the strongSwan crypto plugin is required for the SSL backend that curl uses:
- If your libcurl uses OpenSSL as backend, you'll need to --enable-openssl when building strongSwan to support fetching over HTTPS
- Likewise, if your libcurl uses GnuTLS as backend, you'll need to --enable-gcrypt to fetch over HTTPS
- For the NSS libcurl SSL backend, there is no dependency in strongSwan to fetch from HTTPS URIs
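The backend-to-option mapping above can be checked before building. The following is an added example, not part of strongSwan; the function name required_flags is hypothetical, and it assumes the curl command-line tool on the build host is linked against the same libcurl that strongSwan will use.

```shell
#!/bin/sh
# Added example (not strongSwan code): derive the ./configure options this
# page names from the SSL backend reported by libcurl.
#
# Usage on a build host:
#   required_flags "$(curl --version | head -n 1)"

# required_flags LINE
#   LINE is the first line of `curl --version`, for example
#   "curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11"
#   Prints the options and returns 0, or returns 1 if none of the three
#   backends covered on this page is present.
required_flags() (
    set -f                      # no globbing while splitting LINE into tokens
    flags="--enable-curl"
    backend=""
    for token in $1; do
        # Compare only the component name before the first "/", so that
        # "libssh/0.9.6/openssl/zlib" is not mistaken for an OpenSSL backend.
        case "${token%%/*}" in
            OpenSSL) backend="OpenSSL"; flags="$flags --enable-openssl" ;;
            GnuTLS)  backend="GnuTLS";  flags="$flags --enable-gcrypt" ;;
            NSS)     backend="NSS" ;;   # no extra strongSwan plugin needed
        esac
    done
    if [ -z "$backend" ]; then
        echo "no OpenSSL, GnuTLS or NSS backend listed; HTTPS fetching not confirmed" >&2
        return 1
    fi
    echo "$flags"
)
```

A non-zero return means the libcurl build reports none of the three backends discussed here, so https:// CRL and OCSP URIs should not be relied on until the backend is identified.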