Is there any other (set of) command(s) you would recommend I test to see if 
they accomplish what I need?

--
cm

On May 26, 2017, at 9:02 AM, Craig Marker 
<[email protected]> wrote:

That doesn’t appear to reread the RSA public keys.

--
cm

On May 25, 2017, at 6:05 PM, Paul Wouters 
<[email protected]> wrote:

That's an interesting bug.

Does "ipsec whack --rereadall" help?

Sent from my iPhone

On May 25, 2017, at 18:55, Craig Marker 
<[email protected]> wrote:

Currently, I’m using an NSS directory with imported certificates and keys. When 
I import a new certificate of the same name as the previously used one, 
Libreswan’s list of RSA public keys (output of ipsec auto listpubkeys) doesn’t 
get updated to reflect this change.

This is problematic, since Libreswan will continue to use the old public key, 
which is expiring, and that will eventually kill the tunnel connection. When I 
run ipsec restart, the RSA public keys get cleared, and when the tunnel 
connection is reestablished, the correct RSA public key is being used.

Is there some set of commands I can use other than ipsec restart to clear old 
RSA Public Keys and read in new ones?

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan


