Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/daemon.c | 13 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.c | 21 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_cred.h | 7 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_socket.c | 10 |
4 files changed, 37 insertions, 14 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 1f2448376..87f33480f 100644
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -456,9 +456,6 @@ static void usage(const char *msg)
fprintf(stderr, "Usage: charon\n"
" [--help]\n"
" [--version]\n"
- " [--strictcrlpolicy]\n"
- " [--cachecrls]\n"
- " [--crlcheckinterval <interval>]\n"
" [--use-syslog]\n"
" [--debug-<type> <level>]\n"
" <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
@@ -474,8 +471,6 @@ static void usage(const char *msg)
*/
int main(int argc, char *argv[])
{
- u_int crl_check_interval = 0;
- bool cache_crls = FALSE;
bool use_syslog = FALSE;
private_daemon_t *private_charon;
@@ -512,8 +507,6 @@ int main(int argc, char *argv[])
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'v' },
{ "use-syslog", no_argument, NULL, 'l' },
- { "cachecrls", no_argument, NULL, 'C' },
- { "crlcheckinterval", required_argument, NULL, 'x' },
/* TODO: handle "debug-all" */
{ "debug-dmn", required_argument, &signal, DBG_DMN },
{ "debug-mgr", required_argument, &signal, DBG_MGR },
@@ -542,12 +535,6 @@ int main(int argc, char *argv[])
case 'l':
use_syslog = TRUE;
continue;
- case 'C':
- cache_crls = TRUE;
- continue;
- case 'x':
- crl_check_interval = atoi(optarg);
- continue;
case 0:
/* option is in signal */
levels[signal] = atoi(optarg);
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index 6ce2f8f66..38656b8c5 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -73,6 +73,11 @@ struct private_stroke_cred_t {
* mutex to lock lists above
*/
mutex_t *mutex;
+
+ /**
+ * cache CRLs to disk?
+ */
+ bool cachecrl;
};
/**
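Review bot: The new `cachecrl` field is placed directly after `mutex`, whose comment scopes the lock to "the lists above", but nothing in this hunk says whether the flag is covered by that lock; elsewhere in the same patch it is written by cachecrl() on the stroke socket path and read by cache_cert(), and neither hunk shows the mutex being taken around it. A plain bool toggle is unlikely to corrupt anything, but the next maintainer should not have to work that out, so the field comment should state the access pattern and where the default comes from: `/** cache CRLs to disk? Toggled at runtime via the stroke config message, read unlocked by cache_cert(); defaults to FALSE in stroke_cred_create() */`. The struct private_stroke_cred_t definition begins before this hunk. The daemon.c hunks above only delete the old command-line switches and raise nothing on their own.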
@@ -527,7 +532,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
*/
static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
{
- if (cert->get_type(cert) == CERT_X509_CRL)
+ if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
{
/* CRLs get cached to /etc/ipsec.d/crls/authkeyId.der */
crl_t *crl = (crl_t*)cert;
@@ -561,6 +566,17 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
}
/**
+ * Implementation of stroke_cred_t.cachecrl.
+ */
+static void cachecrl(private_stroke_cred_t *this, bool enabled)
+{
+ DBG1(DBG_CFG, "crl caching to %s %s",
+ CRL_DIR, enabled ? "enabled" : "disabled");
+ this->cachecrl = enabled;
+}
+
+
+/**
+ * Convert a string of characters into a binary secret
+ * A string between single or double quotes is treated as ASCII characters
+ * A string prepended by 0x is treated as HEX and prepended by 0s as Base64
@@ -912,6 +928,7 @@ stroke_cred_t *stroke_cred_create()
this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread;
this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca;
this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer;
+ this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl;
this->public.destroy = (void(*)(stroke_cred_t*))destroy;
this->certs = linked_list_create();
@@ -922,6 +939,8 @@ stroke_cred_t *stroke_cred_create()
load_certs(this);
load_secrets(this);
+ this->cachecrl = FALSE;
+
return &this->public;
}
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h
index cbfed1175..1b9ef986e 100644
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ b/src/charon/plugins/stroke/stroke_cred.h
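Review bot: The new cachecrl() is followed by two added empty lines before the `/**` of the next comment, whereas every other function boundary visible in this file uses a single blank line (`};` / blank / `/**` in the struct hunk, `}` / blank / `/**` at the top of this hunk); drop one of the two `+` blank lines so the spacing matches. The function itself is fine: it logs the transition at DBG1 with CRL_DIR and stores the flag, and since it is the only writer of `this->cachecrl` the log line doubles as an audit trail for a control-channel-driven change to what gets written under the CRL directory.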
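Review bot: `this->cachecrl = FALSE;` is assigned only after `load_certs(this);` and `load_secrets(this);` have already run, but cache_cert() now tests `this->cachecrl`, so if either loader reaches cache_cert() the flag is read before it is initialized; unless the object is allocated zeroed (not visible in this diff) that is an uninitialized read that could write a CRL to CRL_DIR on a stale bit. Whether load_certs() actually calls cache_cert() cannot be seen here, but the ordering is fragile for no benefit; move the assignment above the loaders so the flag is defined before any certificate is processed: `this->cachecrl = FALSE;` followed by `load_certs(this);`. stroke_cred_create() begins before this hunk.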
@@ -63,6 +63,13 @@ struct stroke_cred_t {
certificate_t* (*load_peer)(stroke_cred_t *this, char *filename);
/**
+ * Enable/Disable CRL caching to disk.
+ *
+ * @param enabled TRUE to enable, FALSE to disable
+ */
+ void (*cachecrl)(stroke_cred_t *this, bool enabled);
+
+ /**
* Destroy a stroke_cred instance.
*/
void (*destroy)(stroke_cred_t *this);
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c
index 9ee5a2410..03bc470ea 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/charon/plugins/stroke/stroke_socket.c
@@ -355,6 +355,13 @@ static void stroke_loglevel(private_stroke_socket_t *this, stroke_msg_t *msg, FI
charon->syslog->set_level(charon->syslog, signal, msg->loglevel.level);
}
+/**
+ * set various config options
+ */
+static void stroke_config(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out)
+{
+ this->cred->cachecrl(this->cred, msg->config.cachecrl);
+}
/**
* destroy a job context
@@ -448,6 +455,9 @@ static job_requeue_t process(stroke_job_context_t *ctx)
case STR_LOGLEVEL:
stroke_loglevel(this, msg, out);
break;
+ case STR_CONFIG:
+ stroke_config(this, msg, out);
+ break;
case STR_LIST:
stroke_list(this, msg, out);
break;
|
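Review bot: The doc comment on the new `cachecrl` method says what the switch does but not its default or its scope, which a caller of this public interface needs; from stroke_cred.c in the same patch the flag starts FALSE in stroke_cred_create() and only gates CRLs that reach cache_cert() after the call, and as far as this patch shows, disabling it does not remove files already written to the CRL directory. Suggest extending the comment to: `Enable/Disable CRL caching to disk. Disabled by default; affects only CRLs handed to cache_cert() after the call, files already in the CRL directory are left untouched.` The struct stroke_cred_t begins before this hunk.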
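Review bot: The closing brace of the new stroke_config() is immediately followed by the `/**` of the "destroy a job context" comment with no separating blank line (the hunk grows the file by exactly the seven non-blank lines shown), while the file separates stroke_loglevel()'s `}` from the next comment with a blank line two lines above; add the blank so the two functions are spaced like their neighbours. The comment `set various config options` also promises more than the body delivers, since only `msg->config.cachecrl` is forwarded; `/** apply runtime options from a stroke config message (currently only cachecrl) */` describes it more precisely. `out` is accepted and unused, which matches the sibling handlers, so no change there.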