Hello,
I'm new to libreswan and while reading documentation and doing some
tests, I observed that the ipsec command permits initializing an NSS
database, creating a key, and showing stored keys but, surprisingly, not
deleting keys. Then I searched for how to do it, but it was not so simple,
and I discovered that certutil learned only recently (version 3.39) to
delete keys:
https://bugzilla.mozilla.org/show_bug.cgi?id=291383
I guess this is the reason why libreswan also lacked this functionality
until now, so I'm writing here in case you didn't know about this new
certutil feature.
It would be good if one day we could use something like:
ipsec delhostkey --ckaid CKAID
Without having to search for the equivalent:
certutil -F -k CKAID -d /var/lib/ipsec/nss/
Cesare.