Hi all,

Certificates have a validity and expire when the validity is expired. Thus in a production IPsec implementation it is necessary to replace the certificates close to the expiration date. For production servers it is a problem if the ipsec service needs to be restarted to pick up new certificates from the NSS database.

In the following two topics it is mentioned that it is a current limitation that to re-read the NSS SQLite db the ipsec service needs to be restarted.

https://lists.libreswan.org/pipermail/swan/2014/000924.html
https://lists.libreswan.org/pipermail/swan/2014/000924.html

It was mentioned by Paul that Matt is working on a solution (Oct. 2014). However, I didn't find any mention in the changelog that this limitation is already addressed.

Are there plans to fix/change this in the near future? Can I somehow help?

Peter Bendel, IBM
