implemented ipsec purgeocsp

2 files changed, 22 insertions, 0 deletions

diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c
index d80738d59..36c8530ca 100644
--- a/src/libstrongswan/crypto/ca.c
+++ b/src/libstrongswan/crypto/ca.c
@@ -492,6 +492,20 @@ ret:
 }
 
 /**
+ * Implements ca_info_t.purge_ocsp
+ */
+static void purge_ocsp(private_ca_info_t *this)
+{
+	pthread_mutex_lock(&(this->mutex));
+
+	this->certinfos->destroy_offset(this->certinfos,
+									offsetof(certinfo_t, destroy));
+	this->certinfos = linked_list_create();
+
+	pthread_mutex_unlock(&(this->mutex));
+}
+
+/**
  * Implements ca_info_t.destroy
  */
 static void destroy(private_ca_info_t *this)
@@ -624,6 +638,7 @@ ca_info_t *ca_info_create(const char *name, x509_t *cacert)
 	this->public.get_certificate = (x509_t* (*) (ca_info_t*))get_certificate;
 	this->public.verify_by_crl = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*))verify_by_crl;
 	this->public.verify_by_ocsp = (cert_status_t (*) (ca_info_t*,const x509_t*,certinfo_t*,credential_store_t*))verify_by_ocsp;
+	this->public.purge_ocsp = (void (*) (ca_info_t*))purge_ocsp;
 	this->public.destroy = (void (*) (ca_info_t*))destroy;
 
 	return &this->public;
diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h
index 3ecf17e03..da51673f7 100644
--- a/src/libstrongswan/crypto/ca.h
+++ b/src/libstrongswan/crypto/ca.h
@@ -178,6 +178,13 @@ struct ca_info_t {
 	cert_status_t (*verify_by_ocsp) (ca_info_t* this, const x509_t* cert, certinfo_t* certinfo, credential_store_t* credentials);
 
 	/**
+	 * @brief Purge the OCSP certinfos of a ca info record
+	 * 
+	 * @param this			ca info object
+	 */
+	void (*purge_ocsp) (ca_info_t *this);
+
+	/**
 	 * @brief Destroys a ca info record
 	 * 
 	 * @param this			ca info to destroy