> How do you configure Certificate Revocation lists for use with racoon? > I couldn't find any references to them (CRLs) in documentation. racoon leaves the verificateion of the certificate to OpenSSL. racoon calls X509_verify_cert() to verify a certificate. if X509_verify_cert() checks and verify a CRL, then racoon can support CRL.