authorAndreas Steffen <andreas.steffen@strongswan.org>2016-10-26 12:48:54 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2016-10-26 12:48:54 +0200
commit2271ebb3258f2759975ef30f16bd7b9b7b2a4414 (patch)
tree49ad8b3ead1878a0b62f4d05e7a60ec8bf8cd3cf /src/libstrongswan
parent87875086d05c0d5b7825a8810cf42da26b67bc04 (diff)
Newer CRLs replace older versions of the CRL in the cache
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 60720dc57..9770c9671 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -20,6 +20,7 @@
#include <library.h>
#include <threading/rwlock.h>
#include <collections/linked_list.h>
+#include <credentials/certificates/crl.h>
/** cache size, a power of 2 for fast modulo */
#define CACHE_SIZE 32
@@ -88,6 +89,44 @@ static void cache(private_cert_cache_t *this,
int i, offset, try;
u_int total_hits = 0;
+ /* cache a CRL by replacing a previous CRL cache entry if present */
+ if (subject->get_type(subject) == CERT_X509_CRL)
+ {
+ bool is_delta_crl;
+ crl_t *crl, *cached_crl;
+
+ /* cache a delta CRL ? */
+ crl = (crl_t*)subject;
+ is_delta_crl = crl->is_delta_crl(crl, NULL);
+
+ for (i = 0; i < CACHE_SIZE; i++)
+ {
+ rel = &this->relations[i];
+
+ if (rel->subject &&
+ rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->lock->try_write_lock(rel->lock))
+ {
+ /* double-check having lock */
+ if (rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->issuer->equals(rel->issuer, issuer))
+ {
+ cached_crl = (crl_t*)rel->subject;
+
+ if (cached_crl->is_delta_crl(crl, NULL) == is_delta_crl &&
+ crl_is_newer(crl, cached_crl))
+ {
+ rel->subject->destroy(rel->subject);
+ rel->subject = subject->get_ref(subject);
+ rel->scheme = scheme;
+ return rel->lock->unlock(rel->lock);
+ }
+ }
+ rel->lock->unlock(rel->lock);
+ }
+ }
+ }
+
/* check for a unused relation slot first */
for (i = 0; i < CACHE_SIZE; i++)
{
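Review bot: The delta check on the cached entry calls `cached_crl->is_delta_crl(crl, NULL)`, which passes the incoming CRL as the object, so it most likely compares the new CRL's delta flag with itself and always matches; it should read `cached_crl->is_delta_crl(cached_crl, NULL) == is_delta_crl`. As written, a delta CRL from the same issuer can displace a cached base CRL (or the reverse), which would change which revocation entries later lookups see. The re-check made after `try_write_lock()` also dereferences `rel->subject` without repeating the NULL test from the unlocked check; if a slot can be cleared concurrently (not visible here), add `rel->subject &&` there. cache() begins and ends outside this hunk.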