That's an interesting bug. Does "ipsec whack --rereadall" help?
Sent from my iPhone

> On May 25, 2017, at 18:55, Craig Marker <[email protected]> wrote:
>
> Currently, I’m using an NSS directory with imported certificates and keys.
> When I import a new certificate of the same name as the previously used one,
> Libreswan’s list of RSA public keys (output of ipsec auto listpubkeys)
> doesn’t get updated to reflect this change.
>
> This is problematic, since Libreswan will continue to use the old public key,
> which is expiring, and that will eventually kill the tunnel connection. When
> I run ipsec restart, the RSA public keys get cleared, and when the tunnel
> connection is reestablished, the correct RSA public key is being used.
>
> Is there some set of commands I can use other than ipsec restart to clear old
> RSA Public Keys and read in new ones?
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
