[Swan] Reread RSA Public Keys

Craig Marker cmarker at inspeednetworks.com
Fri May 26 16:02:42 UTC 2017


That doesn’t appear to reread the RSA public keys.

--
cm

On May 25, 2017, at 6:05 PM, Paul Wouters <paul at nohats.ca> wrote:

That's an interesting bug.

Does "ipsec whack --rereadall" help?

Sent from my iPhone

On May 25, 2017, at 18:55, Craig Marker <cmarker at inspeednetworks.com> wrote:

Currently, I’m using a NSS directory with imported certificates and keys. When I import a new certificate of the same name as the previously used one, Libreswan’s list of RSA public keys (output of ipsec auto listpubkeys) doesn’t get updated to reflect this change.

This is problematic, since Libreswan will continue to use the old public key, which is expiring, and that will eventually kill the tunnel connection. When I run ipsec restart, the RSA public keys get cleared, and when the tunnel connection is reestablished, the correct RSA public key is being used.

Is there some set of commands I can use other than ipsec restart to clear old RSA Public Keys and read in new ones?

_______________________________________________
Swan mailing list
Swan at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan



