On 24 June 2016 at 10:36, Kim B. Heino <[email protected]> wrote:
>> The order here doesn't seem right - are keys really being re-generated
>> or just reinstalled?
>
> Keys are re-generated to host's tmp/{west,east} directories. Those
> directories are mounted as docker volumes, they are not included to
> container image.

Ah, that works! The critical thing is that all domains can, through a
back door, see all the other domains' keys.

> Currently I have to compile libreswan first to have a program to
> generate those keys.

As in newhostkey et al.? The current test framework really really
relies on 'static' hostkeys - there are magic numbers hardwired
throughout the config files; not nice. For CKAIDs, where I deal with
generated x509 files, I had to pull some tricks to get around this
(look at the *ckaid* tests) - the thing that made it possible was that
all domains could access all the keys.

Just keep that in mind.

Andrew
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
