author | Martin Willi <martin@strongswan.org> | 2008-04-17 15:01:57 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-04-17 15:01:57 +0000 |
commit | b360e3933d84c5869d839ccd274fa191dc2daef0 (patch) | |
tree | 6e2d6114364b6702b142d19e85d19cb26445128b /src/charon/plugins/stroke/stroke_cred.c | |
parent | 58126dd2957ed626791ae98689106e0d661f9b25 (diff) | |
respecting ipsec.conf cachecrls= option
Diffstat (limited to 'src/charon/plugins/stroke/stroke_cred.c')
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 6ce2f8f66..38656b8c5 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -73,6 +73,11 @@ struct private_stroke_cred_t {
 * mutex to lock lists above
 */
 mutex_t *mutex;
+
+ /**
+ * cache CRLs to disk?
+ */
+ bool cachecrl;
 };
 /**
@@ -527,7 +532,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
 */
 static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
 {
- if (cert->get_type(cert) == CERT_X509_CRL)
+ if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
 {
 /* CRLs get cached to /etc/ipsec.d/crls/authkeyId.der */
 crl_t *crl = (crl_t*)cert;
@@ -561,6 +566,17 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
 }
 /**
+ * Implementation of stroke_cred_t.cachecrl.
+ */
+static void cachecrl(private_stroke_cred_t *this, bool enabled)
+{
+ DBG1(DBG_CFG, "crl caching to %s %s",
+ CRL_DIR, enabled ? "enabled" : "disabled");
+ this->cachecrl = enabled;
+}
+
+
+/**
 * Convert a string of characters into a binary secret
 * A string between single or double quotes is treated as ASCII characters
 * A string prepended by 0x is treated as HEX and prepended by 0s as Base64
@@ -912,6 +928,7 @@ stroke_cred_t *stroke_cred_create()
 this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread;
 this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca;
 this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer;
+ this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl;
 this->public.destroy = (void(*)(stroke_cred_t*))destroy;
 this->certs = linked_list_create();
@@ -922,6 +939,8 @@ stroke_cred_t *stroke_cred_create()
 load_certs(this);
 load_secrets(this);
+ this->cachecrl = FALSE;
+
 return &this->public;
 } |
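Review bot: In the hunk at -527, the added `&& this->cachecrl` test only stops cache_cert() from writing new CRL files; nothing in this commit touches files already present in the CRL directory. If CRLs cached by an earlier run are read back at startup (not visible from these hunks), switching the option off leaves them in use, so the function comment should say so, for example `* With caching disabled no new CRL is written; files cached earlier are left in place.` The comment header of cache_cert() starts above the hunk and its body continues below it.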
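Review bot: In the hunk at -561, cachecrl() stores `this->cachecrl` without taking `this->mutex`, and the read added to cache_cert() is not visibly under that lock either. Whether the setter can run while another thread is caching a fetched CRL cannot be told from these hunks; if it can, the flag is read and written concurrently with no synchronisation. Either wrap the assignment in the mutex or, if the setter is only meant to be called during configuration, state that contract in the new doc comment, e.g. `* Not synchronised; call before CRL fetching starts.`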
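Review bot: In the hunk at -922, `this->cachecrl = FALSE;` is assigned only after `load_certs(this)` and `load_secrets(this)` have run, so during those calls the field holds whatever the allocator left there. The allocation of `this` is outside the hunk; unless it is zero-filled, any path from the loaders to cache_cert() would branch on an indeterminate value and could write CRLs to disk although caching was never enabled. Move the assignment up next to the other member initialisation, before `load_certs(this);`. The body of stroke_cred_create() begins outside this hunk.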