<p>Certificate revocation policy for CRL or OCSP revocation.</p><ul><li>A <code>strict</code> revocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked.</li><li><code>ifuri</code> fails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.</li><li>The default revocation policy <code>relaxed</code> fails only if a certificate is revoked, i.e. it is explicitly known that it is bad.</li></ul><p>StrongSwan default: <code>"relaxed"</code></p>

services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation

Certificate revocation policy for CRL or OCSP revocation

null or one of "strict", "ifuri", "relaxed"