----- Original Message ----- > From: "Andrew Cagney" <andrew.cag...@gmail.com> > To: "Libreswan Development List" <swan-dev@lists.libreswan.org> > Sent: Thursday, October 22, 2015 10:32:12 AM > Subject: [Swan-dev] Generate test certificates iff missing > > I'd like to change testing/pluto/Makefile so that "make check" will > generate the certificates iff they are missing (or to be precise, if > the certificate testing/x509/keys/mainca.key is missing). > > - to generate the certificates it will use EAST (although as Matt > pointed out it should probably technically use NIC) > East is fine, since the certs go in the shared directory anyways.
> - it will only generate the certificates if they are missing; i.e., > second and further "make check" won't generate new certificates > > - or to put it the other way, it won't re-generate the certificates if > they are out-of-date (dist_certs.py newer than mainca.key) > > - this does assume that you VM is less than 3 months old > One note is that the CRLs (except for needupdate.crl) are valid for 15 days, so at that point dist_certs should be re-run. Matt _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev