[Swan] pluto doesn't reread certificates

Peter Bendel peter_bendel at de.ibm.com
Mon Sep 14 11:29:49 UTC 2015



Hi all,

Certificates have a validity and expire when the validity is expired.

Thus in a production IPsec implementation it is necessary to replace the
certificates close to the expiration date.

For production servers it is a problem if ipsec service needs to be
restarted to pick up new certificates from the
nss database.

In the following two topics it is mentioned that it is a current limitation
that to re-read the NSS SQLite db the ipsec service needs to be restarted.

https://lists.libreswan.org/pipermail/swan/2014/000924.html
https://lists.libreswan.org/pipermail/swan/2014/000924.html

It was mentioned by Paul that Matt is working on a solution (Oct. 2014).
However I didn't find any mention in the changelog that this limitation is
already addressed.

Are there plans to fix/change this in the near future?
Can I somehow help?

Peter Bendel, IBM