
List:       ipsec-tools-devel
Subject:    [Ipsec-tools-devel] reload-config does not flush already read information
From:       divya mohan <divzsecondary () gmail ! com>
Date:       2012-06-19 10:55:41
Message-ID: CAOZAaLAe5ypFb6GwxW3Z_cygcG_kf0kpOE+Un_pGgv3XSBNE+w () mail ! gmail ! com

Hi,

In my setup I am using certificates for phase 1 authentication.

I have the following in my racoon.conf

  certificate_type x509 "certs/defaultCertificate.pem" "private/defaultPrivateKey.pem";

If I modify the certificates (I am modifying the content of the
certificate in that path, no changes are made to racoon.conf), and
send a reload-config using racoonctl, I see that the new certificates from
the file system are read into racoon memory (i.e. traffic works as expected).

However, tunnels using the old certificates also work, meaning that the old
certificates are still in racoon memory (though they were removed from the
filesystem, and reload-config was sent to racoon).

Has anyone faced this issue?

Regards,
Divya Mohan M
