2015-01-29 15:18 GMT+01:00 Emeric POUPON <[email protected]>: > Hello, > > Thanks for your patch: I think it is definitely a good idea to flush > connections that are no longer up to date with the configuration files. > Did you manage to make an updated patch?
Hello Emeric, I had to switch to priority tasks, so I let this patch in standby (long term standby ;-)). I'll try to find some time to add an option in strongswan.conf. > I have another related problem: > I have two CA certificates in ipsec.d/cacerts. I can see them using "ipsec > listcacerts" > If I remove one of them and perform a "ipsec rereadcacerts", I can see in > charon's log that the only remaining CA certificate is reloaded. > However, I still see the two CA certs using the "ipsec listcacerts" command. > "ipsec purgecerts" does not seem to help. > Remote peers successfully manage to authenticate using the removed CA cert, > that is quite annoying. > > Any idea Obviously additional clean up is desirable. Best Regards, Christophe _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
