crl update is overdue --> What for? in IPSEC
I have freeswan ipsec connecting my laptop to my wired lan (wireless encryption). My logwatch shows crl update is overdue. After some reading, I deduce that:
crl.pem is used for certificate revocation
by default it will expire in 30 days
if it expires, then all certificates issued with the certificate authority are auto revoked unless a new crl.pem is created.
Are the above correct? I am asking because despite the "crl update is overdue" in my logwatch, the laptop can still connect via ipsec freeswan. I am using Freeswan 2.01. Also seem to remember that one of my expired certificates in the past allowed me to connect also.
Thanks for any insight.