diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-09-08 11:59:02 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-09-13 17:02:59 +0200 |
| commit | 2c7cfe76303bce498ce302da31bc1e028a6af53a (patch) | |
| tree | 293197bdf8582e733fdc9c81d705e11d6fefdb4e /src/libcharon/plugins/vici/python | |
| parent | 8efcc78f2b1c5a231fda6a2bfe401c0afafc4697 (diff) | |
| download | strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.bz2 strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.xz | |
vici: flush-certs command flushes certificate cache
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows to flush e.g. cached CRLs or OCSP
responses only. Without the type argument all kind of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
Diffstat (limited to 'src/libcharon/plugins/vici/python')
| -rw-r--r-- | src/libcharon/plugins/vici/python/vici/session.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/libcharon/plugins/vici/python/vici/session.py b/src/libcharon/plugins/vici/python/vici/session.py index 66de8590a..eabdb4226 100644 --- a/src/libcharon/plugins/vici/python/vici/session.py +++ b/src/libcharon/plugins/vici/python/vici/session.py @@ -166,6 +166,17 @@ class Session(object): """ self.handler.request("load-shared", secret) + def flush_certs(self, filter=None): + """Flush the volatile certificate cache. + + Flush the certificate stored temporarily in the cache. The filter + allows to flush only a certain type of certificates, e.g. CRLs. + + :param filter: flush only certificates of a given type (optional) + :type filter: dict + """ + self.handler.request("flush-certs", filter) + def clear_creds(self): """Clear credentials loaded over vici. |