[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jun 12 04:02:46 UTC 2020
New commits:

commit 308a3d027672569005b88cd18a86a278efcfabda
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 12 00:02:34 2020 -0400

    documentation: updated CHANGES

commit 24b507b381d0b97f0686353fea78518137fbc3dd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 11 23:51:04 2020 -0400

    pluto: update seamless nss cert rotation for existing tunnels

    Don't do this on a per connection basis (hard to get it to update
    all roadwarriors) but just go over all connections.

    Rename from rotate_cert to rereadcerts, eg:

    ipsec whack --rereadcerts

commit ce2a33e6d897e5065d71030b78bc63922161a093
Author: Myungjin Lee <myungjin.lee at salesforce.com>
Date:   Thu Jun 11 16:50:12 2020 -0400

    pluto: seamless nss cert rotation for existing tunnels

    Libreswan does not support seamless cert rotation. Therefore, when a new
    cert is issued and inserted into NSS DB, a tunnel should be torn down
    and set up again or pluto needs to be restarted in order to pick up the
    new cert. This causes temporary disruption for an existing tunnel. This
    patch enables a new feature that allows rotation of cert without bringing
    down any active tunnel by replacing an old cert with a new one in pluto.

    Signed-off-by: Paul Wouters <pwouters at redhat.com>