diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index fe7eaa765..f688577e1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -76,6 +76,13 @@ METHOD(plugin_t, get_features, int,
 return countof(f);
 }
 
+METHOD(plugin_t, reload, bool,
+ private_revocation_plugin_t *this)
+{
+ this->validator->reload(this->validator);
+ return TRUE;
+}
+
 METHOD(plugin_t, destroy, void,
 private_revocation_plugin_t *this)
 {
@@ -95,6 +102,7 @@ plugin_t *revocation_plugin_create()
 .plugin = {
 .get_name = _get_name,
 .get_features = _get_features,
+ .reload = _reload,
 .destroy = _destroy,
 },
 },
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index f8e78ac0c..68292e3cd 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 
 typedef struct private_revocation_validator_t private_revocation_validator_t;
 
@@ -50,6 +51,10 @@ struct private_revocation_validator_t {
 */
 bool enable_crl;
 
+ /**
+ * Lock to access flags
+ */
+ spinlock_t *lock;
 };
 
 /**
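Review bot: The new field comment `Lock to access flags` in the private_revocation_validator_t hunk does not say which flags it guards or who contends for them; the later hunks show validate() copying enable_ocsp and enable_crl under this lock while reload() writes them, and the comment should state that contract: `/** Lock protecting enable_ocsp and enable_crl, which reload() may change while validate() reads them */`. The plugin-level reload in revocation_plugin.c returns TRUE unconditionally because revocation_validator_t.reload is void and has no failure path; a one-line comment there, `/* validator reload cannot fail */`, saves the next reader from looking for missing error handling. The struct definition and both plugin functions continue outside their hunks.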
@@ -795,14 +800,21 @@ METHOD(cert_validator_t, validate, bool,
 certificate_t *issuer, bool online, u_int pathlen, bool anchor,
 auth_cfg_t *auth)
 {
- if (online && (this->enable_ocsp || this->enable_crl) &&
+ bool enable_ocsp, enable_crl;
+
+ this->lock->lock(this->lock);
+ enable_ocsp = this->enable_ocsp;
+ enable_crl = this->enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (online && (enable_ocsp || enable_crl) &&
 subject->get_type(subject) == CERT_X509 &&
 issuer->get_type(issuer) == CERT_X509)
 {
 DBG1(DBG_CFG, "checking certificate status of \"%Y\"",
 subject->get_subject(subject));
 
- if (this->enable_ocsp)
+ if (enable_ocsp)
 {
 switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
 {
@@ -831,7 +843,7 @@ METHOD(cert_validator_t, validate, bool,
 auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
 }
 
- if (this->enable_crl)
+ if (enable_crl)
 {
 switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
 {
@@ -865,9 +877,35 @@ METHOD(cert_validator_t, validate, bool,
 return TRUE;
 }
 
+METHOD(revocation_validator_t, reload, void,
+ private_revocation_validator_t *this)
+{
+ bool enable_ocsp, enable_crl;
+
+ enable_ocsp = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns);
+ enable_crl = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_crl", TRUE, lib->ns);
+
+ this->lock->lock(this->lock);
+ this->enable_ocsp = enable_ocsp;
+ this->enable_crl = enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (!enable_ocsp)
+ {
+ DBG1(DBG_LIB, "all OCSP validation disabled");
+ }
+ if (!enable_crl)
+ {
+ DBG1(DBG_LIB, "all CRL validation disabled");
+ }
+}
+
 METHOD(revocation_validator_t, destroy, void,
 private_revocation_validator_t *this)
 {
+ this->lock->destroy(this->lock);
 free(this);
 }
 
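Review bot: reload() in the third hunk logs only when a check is disabled, so a reload that re-enables OCSP or CRL validation, or one that leaves both disabled as before, leaves no trace in the log; since these two flags decide whether revocation status is checked at all, the effective state after every reload should be visible to an operator reading the log. Keep the two existing DBG1 calls and add the positive case, e.g. `DBG1(DBG_LIB, "OCSP validation %sabled, CRL validation %sabled", enable_ocsp ? "en" : "dis", enable_crl ? "en" : "dis");`, or log only when the value stored under the lock actually changed. The copy taken under the lock in validate() in the first hunk means a reload during an in-flight validation does not affect that call, which is worth a short comment above the lock call, e.g. `/* snapshot the flags so a concurrent reload() cannot change them mid-validation */`. validate() starts before the first hunk and continues past the second.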
@@ -881,21 +919,13 @@ revocation_validator_t *revocation_validator_create()
 INIT(this,
 .public = {
 .validator.validate = _validate,
+ .reload = _reload,
 .destroy = _destroy,
 },
- .enable_ocsp = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns),
- .enable_crl = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_crl", TRUE, lib->ns),
+ .lock = spinlock_create(),
 );
 
- if (!this->enable_ocsp)
- {
- DBG1(DBG_LIB, "all OCSP validation disabled");
- }
- if (!this->enable_crl)
- {
- DBG1(DBG_LIB, "all CRL validation disabled");
- }
+ reload(this);
+
 return &this->public;
 }
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.h b/src/libstrongswan/plugins/revocation/revocation_validator.h
index 82cbde26b..9128787f1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.h
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.h
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
@@ -35,6 +38,11 @@ struct revocation_validator_t {
 */
 cert_validator_t validator;
 
+ /**
+ * Reload the configuration
+ */
+ void (*reload)(revocation_validator_t *this);
+
 /**
 * Destroy a revocation_validator_t.
 */
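Review bot: The new `reload` member of revocation_validator_t is documented only as `Reload the configuration`, which tells a caller neither what is reloaded nor whether it may be invoked while validations are running; the implementation in revocation_validator.c re-reads the enable_ocsp and enable_crl settings and exchanges them under the validator's lock. Suggested doc comment: `Re-read the enable_ocsp/enable_crl settings; safe to call while validate() runs, as the flags are exchanged under a lock`. The public interface is the place a plugin author will look, so the contract should live here rather than only in the .c file. The struct definition continues outside the hunk.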