This commit adds a new operation to IPSec server/client
to verify if local CA certificate is different from active
controller and renew it in case of failure. This operation
is executed everytime a system boot.
The operation is the comparison of the server cert serial
and the local cert serial. Because during initial authentication,
the server sends public CA certificate to each node to validade
the connection, but it's changed when the server update the
certificates.
Test Plan:
PASS: Full build, system install, bootstrap and unlock DX system w/
unlocked enabled available status. Then, add a worker node and
observe IPSec is enabled in all nodes and SAs are established.
PASS: Turn worker node off and update certificates in the controller
nodes. Then, turn on the worker node again and observe that
after reboot, the node will update the certificates and
establish SAs with the other nodes.
Story: 2010940
Task: 50379
Change-Id: I1e765964797db9a35dc6fad00789b9c9c6232a49
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
71bfe8a610