[strongSwan] How to flush certificate cache

Martin Willi martin at strongswan.org
Fri Dec 10 09:52:37 CET 2010

> How can I flush these old entries without having to restart?

While looking at this issue, I pushed a patch that that flushes the
cache with the "ipsec purgecrl" and "ipsec purgex509" commands.

This is, however, insufficient. The certificates are actually never
removed from the backend. Doing so during "ipsec reload" is not trivial,
as we store the certificates independent from the configuration. I'll
try to find a solution.


More information about the Users mailing list