[strongSwan] How to flush certificate cache

Andreas Steffen andreas.steffen at strongswan.org
Fri Dec 10 10:58:55 CET 2010

Hello Martin,

could you rename the new commands to

  "ipsec purgecrls" and "ipsec purgecerts"

in order to keep them consistent with the existing commands

  "ipsec listcrls" and "ipsec listcerts"

as is the case with the commands

  "ipsec purgeocsp" and ipsec listocsp".



On 12/10/2010 09:52 AM, Martin Willi wrote:
>> How can I flush these old entries without having to restart?
> While looking at this issue, I pushed a patch that that flushes the
> cache with the "ipsec purgecrl" and "ipsec purgex509" commands.
> This is, however, insufficient. The certificates are actually never
> removed from the backend. Doing so during "ipsec reload" is not trivial,
> as we store the certificates independent from the configuration. I'll
> try to find a solution.
> Regards
> Martin

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list