[Swan] pluto doesn't reread certificates
Wolfgang Nothdurft
wolfgang at linogate.de
Mon Apr 28 14:26:03 EEST 2014
Hi,
I'd like to migrate from openswan to libreswan on our internet appliance.
For our customers, we need the ability to restart single connections on
configuration or certificate changes.
Unfortunately this does not seem possible with the nss database.
I found one comment from Paul here:
https://bugzilla.redhat.com/show_bug.cgi?id=649420
I can't find any information about changes to nss or pluto regarding the
reload issue.
Are there any plans about that?
A quick hack was to backport load_host_cert and use the old file
mechanism, but I don't know what trouble I get with this in future
versions. ;)
I understand that nss is mainly needed for crypt functions and that is
not the problem.
But is there any reason why you didn't make the way the certificates are
stored an option and removed the entire code about file based certificates?
Is there any other solution by which I can work around this problem?
Greetings
Wolfgang