authorMartin Willi <martin@strongswan.org>2008-04-17 15:01:57 +0000
committerMartin Willi <martin@strongswan.org>2008-04-17 15:01:57 +0000
commitb360e3933d84c5869d839ccd274fa191dc2daef0 (patch)
tree6e2d6114364b6702b142d19e85d19cb26445128b /src/charon/plugins/stroke
parent58126dd2957ed626791ae98689106e0d661f9b25 (diff)
respecting ipsec.conf cachecrls= option
Diffstat (limited to 'src/charon/plugins/stroke')
-rw-r--r--src/charon/plugins/stroke/stroke_cred.c21
-rw-r--r--src/charon/plugins/stroke/stroke_cred.h7
-rw-r--r--src/charon/plugins/stroke/stroke_socket.c10
3 files changed, 37 insertions, 1 deletions
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 6ce2f8f66..38656b8c5 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -73,6 +73,11 @@ struct private_stroke_cred_t {
* mutex to lock lists above
*/
mutex_t *mutex;
+
+ /**
+ * cache CRLs to disk?
+ */
+ bool cachecrl;
};
/**
@@ -527,7 +532,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
*/
static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
{
- if (cert->get_type(cert) == CERT_X509_CRL)
+ if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
{
/* CRLs get cached to /etc/ipsec.d/crls/authkeyId.der */
crl_t *crl = (crl_t*)cert;
@@ -561,6 +566,17 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
}
/**
+ * Implementation of stroke_cred_t.cachecrl.
+ */
+static void cachecrl(private_stroke_cred_t *this, bool enabled)
+{
+ DBG1(DBG_CFG, "crl caching to %s %s",
+ CRL_DIR, enabled ? "enabled" : "disabled");
+ this->cachecrl = enabled;
+}
+
+
+/**
* Convert a string of characters into a binary secret
* A string between single or double quotes is treated as ASCII characters
* A string prepended by 0x is treated as HEX and prepended by 0s as Base64
@@ -912,6 +928,7 @@ stroke_cred_t *stroke_cred_create()
this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread;
this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca;
this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer;
+ this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl;
this->public.destroy = (void(*)(stroke_cred_t*))destroy;
this->certs = linked_list_create();
@@ -922,6 +939,8 @@ stroke_cred_t *stroke_cred_create()
load_certs(this);
load_secrets(this);
+ this->cachecrl = FALSE;
+
return &this->public;
}
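Review bot: `this->cachecrl = FALSE;` is assigned only after `load_certs(this)` and `load_secrets(this)` have already run on the object. If the allocation does not zero the struct, any path during loading that reaches cache_cert() would read an indeterminate flag. Moving the assignment up beside the other field initialisations, before `load_certs(this);`, removes the dependency on call order. The start of stroke_cred_create() is outside this hunk, so neither the allocation nor the rest of the initialisation can be checked from here.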
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h
index cbfed1175..1b9ef986e 100644
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ b/src/charon/plugins/stroke/stroke_cred.h
@@ -63,6 +63,13 @@ struct stroke_cred_t {
certificate_t* (*load_peer)(stroke_cred_t *this, char *filename);
/**
+ * Enable/Disable CRL caching to disk.
+ *
+ * @param enabled TRUE to enable, FALSE to disable
+ */
+ void (*cachecrl)(stroke_cred_t *this, bool enabled);
+
+ /**
* Destroy a stroke_cred instance.
*/
void (*destroy)(stroke_cred_t *this);
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
index 9ee5a2410..03bc470ea 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@@ -355,6 +355,13 @@ static void stroke_loglevel(private_stroke_socket_t *this, stroke_msg_t *msg, FI
charon->syslog->set_level(charon->syslog, signal, msg->loglevel.level);
}
+/**
+ * set various config options
+ */
+static void stroke_config(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+{
+ this->cred->cachecrl(this->cred, msg->config.cachecrl);
+}
/**
* destroy a job context
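Review bot: stroke_config() passes `msg->config.cachecrl` straight from the received message to the credential set and never writes to `out`, so the requesting client gets no acknowledgement and the only trace is the DBG1 line in cachecrl(). The message lets whoever can send on the stroke socket turn on writing fetched CRLs to disk, so the handler relies entirely on the socket's access control; that control is not visible in this diff and is worth confirming. I would document it in the header comment, e.g. `/* set various config options; sender is trusted via stroke socket permissions */`, and either use `out` for a one-line confirmation or note that it is intentionally unused.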
@@ -448,6 +455,9 @@ static job_requeue_t process(stroke_job_context_t *ctx)
case STR_LOGLEVEL:
stroke_loglevel(this, msg, out);
break;
+ case STR_CONFIG:
+ stroke_config(this, msg, out);
+ break;
case STR_LIST:
stroke_list(this, msg, out);
break;