Hi Martin,

Thanks for the help.

I tried the patch you gave. After compilation with your patch we followed the steps below:

1. Gave the following ipsec.conf file, having two ca sections, to the IKEv2 stack:

*********start ipsec.conf*****************************
config setup
    cachecrls=no
    charonstart=yes
    plutostart=no
    strictcrlpolicy=no
    uniqueids=no

ca OldWithNew
    cacert=/tmp/cacertown.pem
    auto=add

ca NewWithNew
    cacert=/tmp/cacertnwn.pem
    auto=add

conn test1
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    dpddelay=0
    rekeymargin=4m
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
    authby=rsasig
    left=20.20.20.21
    leftsubnet=16.16.16.2/32
    right=10.10.10.2
    rightsubnet=14.14.14.2/32
    leftprotoport=sctp/4000
    rightprotoport=sctp/4000
    leftcert=/tmp/mycert.pem
    rightid=%any
    auto=add
***********end ipsec.conf*****************************

2. After that I removed the 'OldWithNew' ca section from the ipsec.conf (only one ca section is removed) and fired the 'ipsec reload' command.

*3. In the display of "ipsec listall", the CA information section shows 1 CA cert; however, the CA cert section and also the output of the command 'ipsec listcacerts' still show 2 CA certs.*

Can you tell me if there is any other way to fix this?

Thanks for your help.

Regards,
Sajal

On Mon, Jun 7, 2010 at 5:26 PM, Martin Willi <[email protected]> wrote:
> > Can you direct me to the place from where I can update the code so
> > that we can clear the cache externally
>
> Please try the attached patch, it should flush the certificate cache if
> a CA section is deleted via "ipsec reload". I'll push it if this works
> for your setup.
>
> Regards
> Martin
