[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Fri Jun 12 04:02:46 UTC 2020

New commits:
commit 308a3d027672569005b88cd18a86a278efcfabda
Author: Paul Wouters <pwouters at redhat.com>
Date:   Fri Jun 12 00:02:34 2020 -0400

    documentation: updated CHANGES

commit 24b507b381d0b97f0686353fea78518137fbc3dd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Jun 11 23:51:04 2020 -0400

    pluto: update seamless nss cert rotation for existing tunnels
    Don't do this on a per connection basis (hard to get it to update
    all roadwarriors) but just go over all connections.
    Rename from rotate_cert to rereadcerts, eg:
    	ipsec whack --rereadcerts

commit ce2a33e6d897e5065d71030b78bc63922161a093
Author: Myungjin Lee <myungjin.lee at salesforce.com>
Date:   Thu Jun 11 16:50:12 2020 -0400

    pluto: seamless nss cert rotation for existing tunnels
    Libreswan does not support seamless cert rotation. Therefore, when a new
    cert is issued and inserted into NSS DB, a tunnel should be torn down
    and set up again or pluto needs to be restarted in order to pick up the
    new cert. This causes temporary disruption for an existing tunnel. This
    patch enables a new feature that allows rotation of cert without bringing
    down any active tunnel by replacing an old cert with a new one in pluto.
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

More information about the Swan-commit mailing list