authorTobias Brunner <tobias@strongswan.org>2015-08-20 15:29:33 +0200
committerTobias Brunner <tobias@strongswan.org>2015-08-20 19:33:41 +0200
commit517cc501ef6a3f20278352acb825abe97b5c1263 (patch)
tree7bebfef9093d7a224051dd1e22df6683b5d2f33f /src/libcharon/plugins/stroke/stroke_ca.h
parent01d3ecbaf0e5dfa20a3338984a22d30dc7546df9 (diff)
downloadstrongswan-517cc501ef6a3f20278352acb825abe97b5c1263.tar.bz2
strongswan-517cc501ef6a3f20278352acb825abe97b5c1263.tar.xz
stroke: Change how CA certificates are stored
Since 11c14bd2f5 CA certificates referenced in ca sections were enumerated by two credential sets if they were also stored in ipsec.d/cacerts. This caused duplicate certificate requests to get sent. All CA certificates, whether loaded automatically or via a ca section, are now stored in stroke_ca_t. Certificates referenced in ca sections are now also reloaded when `ipsec rereadcacerts` is used.
Diffstat (limited to 'src/libcharon/plugins/stroke/stroke_ca.h')
-rw-r--r--src/libcharon/plugins/stroke/stroke_ca.h30
1 files changed, 26 insertions, 4 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h
index 21af912ea..2740006e2 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.h
+++ b/src/libcharon/plugins/stroke/stroke_ca.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -23,8 +23,7 @@
#define STROKE_CA_H_
#include <stroke_msg.h>
-
-#include "stroke_cred.h"
+#include <credentials/sets/mem_cred.h>
typedef struct stroke_ca_t stroke_ca_t;
@@ -67,6 +66,29 @@ struct stroke_ca_t {
void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert);
/**
+ * Get a reference to a CA certificate if it is already stored,
+ * otherwise returns the same certificate.
+ *
+ * @param cert certificate to check
+ * @return reference to stored CA certifiate, or original
+ */
+ certificate_t *(*get_cert_ref)(stroke_ca_t *this, certificate_t *cert);
+
+ /**
+ * Reload CA certificates referenced in CA sections. Flushes the certificate
+ * cache.
+ */
+ void (*reload_certs)(stroke_ca_t *this);
+
+ /**
+ * Replace automatically loaded CA certificates. Flushes the certificate
+ * cache.
+ *
+ * @param certs credential set to take certificates from (not modified)
+ */
+ void (*replace_certs)(stroke_ca_t *this, mem_cred_t *certs);
+
+ /**
* Destroy a stroke_ca instance.
*/
void (*destroy)(stroke_ca_t *this);
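Review bot: The contract of `get_cert_ref` (L40-46) leaves reference ownership unspecified: it does not say whether the passed `cert` is released when a stored copy is found, nor whether the returned stored certificate carries a new reference the caller must later destroy, and the name suggests the caller hands over the certificate it owns. Either reading leads to a leak or a double release at the call site, so the comment should state it explicitly, e.g. `@param cert certificate to check, reference consumed if a stored copy is returned` and `@return stored CA certificate (new reference), or cert unchanged` — confirm against the implementation in stroke_ca.c. The L44 typo `certifiate` should be `certificate`. For `reload_certs` and `replace_certs`, "Flushes the certificate cache" presumably refers to the daemon's credential manager cache rather than this set; since `ipsec rereadcacerts` runs concurrently with IKE threads, a sentence on the locking the caller may assume would help. The enclosing `struct stroke_ca_t` begins before this hunk.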
@@ -75,6 +97,6 @@ struct stroke_ca_t {
/**
* Create a stroke_ca instance.
*/
-stroke_ca_t *stroke_ca_create(stroke_cred_t *cred);
+stroke_ca_t *stroke_ca_create();
#endif /** STROKE_CA_H_ @}*/
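Review bot: `stroke_ca_t *stroke_ca_create();` at L71 declares a function with an unspecified parameter list rather than a prototype, so a leftover call still passing the old `cred` argument would compile without diagnosis; prefer `stroke_ca_t *stroke_ca_create(void);`. The strongSwan tree may use the empty form elsewhere by convention, but the `(void)` form is what -Wstrict-prototypes expects and costs nothing here.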