[strongSwan] [strongSwan IKEv2] Issue in CA certificate updates

Sajal Malhotra sajalmalhotra at gmail.com
Mon Jun 7 12:34:37 CEST 2010


Can you direct me to the place from where i can update the code so that we
can clear the cache externally, or what is the data structure that holds the
cached certificates.

Also, If not flushed on updates, then when does the stack flush these
certificates automatically. Is it only after the daemon is restarted?

Would really appreciate if you could guide me through this.

Actually in our system it is somewhat not acceptable if we would have to
close all SAs(due to daemon restart) on certificates getting updated.

Best Regards

On Thu, Jun 3, 2010 at 5:37 PM, Sajal Malhotra <sajalmalhotra at gmail.com>wrote:

> Hi Martin,
> Thanks for the clarification. If not possible to trigger the flush
> externally, then when does that stack flush these certificates
> automatically.
> Regards
> Sajal
>   On Thu, Jun 3, 2010 at 1:58 PM, Martin Willi <martin at strongswan.org>wrote:
>> Hi,
>> > This is incorrect as the Certificate of peer is signed by previous CA
>> > certificate, which has been deleted in step 4 above.
>> The certificate is probably still in the cache, and therefore accepted.
>> There is currently no way to flush the cache externally, you'll have to
>> restart the daemon.
>> Regards
>> Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100607/9d303cb6/attachment.html>

More information about the Users mailing list