[strongSwan] ipsec purgecerts will purge CA certs

Noel Kuntze noel at familie-kuntze.de
Wed Feb 4 19:41:35 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Pavan,

That might be a bug or intended behaviour.
Please file an issue for that on the issue tracker[1].

[1] https://wiki.strongswan.org/projects/strongswan/issues

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 04.02.2015 um 15:25 schrieb Pavan Maganti:
> Hi,
>
> Currently i have an issue with CA certs which is as follows.
> My requirement is to add/remove additional root CA cert with out restarting IPSEC.
>
> When the CA cert is added under /etc/ipsec.d/cacerts/ folder and executing "ipsec rereadcacerts" command reflects the certificate under "ipsec listcacerts". However, when i delete the CA cert from /etc/ipsec.d/cacerts/ folder and run the command "ipsec purgecerts" is still showing under the ipsec cache.
>
> Do i need to use any other command to remove the deleted CA cert from cache?
> Is this a known limitation in strongswan?
>
>
> Regards,
> Pavan
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU0mffAAoJEDg5KY9j7GZYUyUP/1Z2Dz9JTexM9t9tv76nWP/Q
SuA5AYxAAlh5V1u90ktcFpc3BjnTV3F33DeTvgDHAx5XcUBl3fMn3z1FW5tL3A87
baJCWKggTOwR/QC7lWhmGY6nG7RxdT+CwyKnHMA54mruNDhPryy9vWZ8I4e23F8e
vOVsvRJ9UqCAiGvPmIRbu9+SCPG9xjT0P5cKbgABAW2Gntg5/Vhtjnyb7LZ7g8fh
4qL/QqTL7GSeW2QT/ivDW0/joulHpjHjF6J+Gjy0LUL3uDDeR5UfyVtUe/fTL1Sd
kUGJfNX/EMqFCYChEFTSCgOsyY74C4l0/j3qz7Y20Hm5WNjNS1dmusi0tFaHZrhg
uPbeEO46pMuXE5VRM8reAg2PPDi/MwN6VYOGX0dJcgGpmHS8pfpLmwK34409OQ9f
XUsaFWgsirV377d1qYdcNTvUX18TXqXRcnhlMqFrAX5pcNPzhiDlX1rdwljIU7kH
85Cf3eyYpk6aijXCslB0o871i0JvVsH8k/koUvEuj0Yb3bEFe2V99d7h6we5O4SR
+VIo1OV9CttU+9ZH0Lm6yr4/FotJ5xf3lYke5//ntv7vXWANcC2s6jSgY45NeBUM
c0iru9pYTrsYjc5LPgVBE/RilxT3HDkujS170t3HTUap9qhAQz7lI82XroGpTLw9
F0YShZeakZg/HYjtyn4o
=TV9R
-----END PGP SIGNATURE-----



More information about the Users mailing list