vici: flush-certs command flushes certificate cache

When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged.
author: Andreas Steffen <andreas.steffen@strongswan.org> 2016-09-08 11:59:02 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2016-09-13 17:02:59 +0200
commit: 2c7cfe76303bce498ce302da31bc1e028a6af53a (patch)
tree: 293197bdf8582e733fdc9c81d705e11d6fefdb4e /src/libcharon/plugins/vici/ruby
parent: 8efcc78f2b1c5a231fda6a2bfe401c0afafc4697 (diff)
download: strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.bz2
strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
index 018f50766..1a95fc3dd 100644
--- a/src/libcharon/plugins/vici/ruby/lib/vici.rb
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -449,6 +449,12 @@ module Vici
     end
 
     ##
+    # Flush credential cache.
+    def flush_certs((match = nil)
+      check_success(@transp.request("flush-certs", Message.new(match)))
+    end
+
+    ##
     # Clear all loaded credentials.
     def clear_creds()
       check_success(@transp.request("clear-creds"))
author	Andreas Steffen <andreas.steffen@strongswan.org>	2016-09-08 11:59:02 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2016-09-13 17:02:59 +0200
commit	2c7cfe76303bce498ce302da31bc1e028a6af53a (patch)
tree	293197bdf8582e733fdc9c81d705e11d6fefdb4e /src/libcharon/plugins/vici/ruby
parent	8efcc78f2b1c5a231fda6a2bfe401c0afafc4697 (diff)
download	strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.bz2 strongswan-2c7cfe76303bce498ce302da31bc1e028a6af53a.tar.xz