Hi Martin,

Any update on this issue? Is there any other way to fix the issue?

BR
Sajal

On Thu, Jun 10, 2010 at 5:21 PM, Sajal Malhotra <[email protected]> wrote:

> Hi Martin,
>
> Thanks for the help
>
> I tried the patch you gave.
>
> After compilation with your patch we followed the steps below:-
> 1. gave the following ipsec.conf file to IKEv2 stack having two ca
> sections:-
>
> *********start ipsec.conf*****************************
> config setup
>     cachecrls=no
>     charonstart=yes
>     plutostart=no
>     strictcrlpolicy=no
>     uniqueids=no
>
> ca OldWithNew
>     cacert=/tmp/cacertown.pem
>     auto=add
>
> ca NewWithNew
>     cacert=/tmp/cacertnwn.pem
>     auto=add
>
> conn test1
>     ikelifetime=24h
>     keyexchange=ikev2
>     keyingtries=%forever
>     keylife=90m
>     reauth=no
>     rekey=yes
>     mobike=no
>     dpddelay=0
>     rekeymargin=4m
>     ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>     esp=aes128-sha1-modp1024,3des-sha1-modp1024!
>     authby=rsasig
>     left=20.20.20.21
>     leftsubnet=16.16.16.2/32
>     right=10.10.10.2
>     rightsubnet=14.14.14.2/32
>     leftprotoport=sctp/4000
>     rightprotoport=sctp/4000
>     leftcert=/tmp/mycert.pem
>     rightid=%any
>     auto=add
> ***********end ipsec.conf*****************************
>
> 2. After that I removed the 'OldWithNew' ca section from the ipsec.conf
> (only one ca section is removed) and fired 'ipsec reload' command.
> *3. In display of "ipsec listall" CA information section shows one 1 Ca
> cert however in CA cert section and also in output of command 'ipsec
> listcacerts' it still shows 2 ca certs.*
>
> Can you tell me if there is any other way to fix this?
>
> Thanks for your help.
>
> Regards,
> Sajal
>
> On Mon, Jun 7, 2010 at 5:26 PM, Martin Willi <[email protected]> wrote:
>
>> > Can you direct me to the place from where i can update the code so
>> > that we can clear the cache externally
>>
>> Please try the attached patch, it should flush the certificate cache if
>> a CA section is deleted via "ipsec reload". I'll push it if this works
>> for your setup.
>>
>> Regards
>> Martin
