[Swan] Reread RSA Public Keys
Paul Wouters
paul at nohats.ca
Fri May 26 01:05:01 UTC 2017
That's an interesting bug.
Does "ipsec whack --rereadall" help?
> On May 25, 2017, at 18:55, Craig Marker <cmarker at inspeednetworks.com> wrote:
>
> Currently, I’m using an NSS directory with imported certificates and keys. When I import a new certificate of the same name as the previously used one, Libreswan’s list of RSA public keys (output of ipsec auto listpubkeys) doesn’t get updated to reflect this change.
>
> This is problematic, since Libreswan will continue to use the old public key, which is expiring, and that will eventually kill the tunnel connection. When I run ipsec restart, the RSA public keys get cleared, and when the tunnel connection is reestablished, the correct RSA public key is being used.
>
> Is there some set of commands I can use other than ipsec restart to clear old RSA Public Keys and read in new ones?
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan