[Swan] pluto doesn't reread certificates
Peter Bendel
peter_bendel at de.ibm.com
Mon Sep 14 11:29:49 UTC 2015
Hi all,
Certificates have a validity and expire when the validity is expired.
Thus in a production IPsec implementation it is necessary to replace the
certificates close to the expiration date.
For production servers it is a problem if the ipsec service needs to be
restarted to pick up new certificates from the NSS database.
In the following two topics it is mentioned that it is a current limitation
that to re-read the NSS SQLite db the ipsec service needs to be restarted.
https://lists.libreswan.org/pipermail/swan/2014/000924.html
https://lists.libreswan.org/pipermail/swan/2014/000924.html
It was mentioned by Paul that Matt is working on a solution (Oct. 2014).
However, I didn't find any mention in the changelog that this limitation is
already addressed.
Are there plans to fix/change this in the near future?
Can I somehow help?
Peter Bendel, IBM