Diffstat (limited to 'src')
-rwxr-xr-x | src/ipsec/ipsec.in | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 8 | ||||
-rw-r--r-- | src/stroke/stroke.c | 8 | ||||
-rw-r--r-- | src/stroke/stroke_keywords.h | 2 | ||||
-rw-r--r-- | src/stroke/stroke_keywords.txt | 2 | ||||
-rw-r--r-- | src/stroke/stroke_msg.h | 4 |
6 files changed, 26 insertions, 2 deletions
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
index 0bddc201a..362ee4e3d 100755
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@@ -65,7 +65,7 @@ case "$1" in
 echo " rereadsecrets|rereadgroups"
 echo " rereadcacerts|rereadaacerts|rereadocspcerts"
 echo " rereadacerts|rereadcrls|rereadall"
- echo " purgeocsp|purgeike"
+ echo " purgeocsp|purgecrl|purgex509|purgeike"
 echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
 echo " openac"
 echo " pluto"
@@ -191,7 +191,7 @@ rereadall|purgeocsp)
 fi
 exit "$rc"
 ;;
-purgeike)
+purgeike|purgecrl|purgex509)
 rc=7
 if [ -e $IPSEC_CHARON_PID ]
 then
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 2e321f8b0..aa665cfa0 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -359,6 +359,14 @@ static void stroke_purge(private_stroke_socket_t *this,
 {
 lib->credmgr->flush_cache(lib->credmgr, CERT_X509_OCSP_RESPONSE);
 }
+ if (msg->purge.flags & PURGE_CRL)
+ {
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509_CRL);
+ }
+ if (msg->purge.flags & PURGE_X509)
+ {
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
+ }
 if (msg->purge.flags & PURGE_IKE)
 {
 this->control->purge_ike(this->control, msg, out);
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 7c27e124a..8b43b6d60 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -286,6 +286,8 @@ static int reread(stroke_keyword_t kw)
 static int purge_flags[] = {
 PURGE_OCSP,
 PURGE_IKE,
+ PURGE_CRL,
+ PURGE_X509,
 };

 static int purge(stroke_keyword_t kw)
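Review bot: The two branches added to stroke_purge in stroke_socket.c call `flush_cache` without writing anything to `out` or to the log, so neither the operator nor a later audit can tell that the CRL or X.509 cache was emptied. Flushing `CERT_X509_CRL` means the next revocation check has to fetch the CRL again, which matters when a distribution point is unreachable at that moment. A line such as `DBG1(DBG_CFG, "flushed CRL cache on stroke request");` in each branch would make the action traceable. Whether `flush_cache` logs on its own is not visible here, and stroke_purge begins and ends outside the hunk.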
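Review bot: In stroke.c the table `purge_flags[]` now reads `PURGE_OCSP, PURGE_IKE, PURGE_CRL, PURGE_X509`, but the keyword enum in stroke_keywords.h in this same commit is ordered `STROKE_PURGE_OCSP, STROKE_PURGE_CRL, STROKE_PURGE_X509, STROKE_PURGE_IKE`. The body of purge() lies outside the hunk; if it picks the flag by keyword offset from `STROKE_PURGE_OCSP`, as a table of this shape suggests, then `stroke purgecrl` would send `PURGE_IKE` and `stroke purgeike` would send `PURGE_X509`, so a request to flush a cache would delete IKE_SAs instead. Insert the new entries before `PURGE_IKE,` so the table reads `PURGE_OCSP, PURGE_CRL, PURGE_X509, PURGE_IKE,`, and add a comment on the table saying it must follow the enum order. The `case STROKE_PURGE_CRL:` and `case STROKE_PURGE_X509:` labels added in main() route through the same table.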
@@ -383,6 +385,10 @@ static void exit_usage(char *error)
 printf(" stroke rereadsecrets|rereadcrls|rereadall\n");
 printf(" Purge ocsp cache entries:\n");
 printf(" stroke purgeocsp\n");
+ printf(" Purge CRL cache entries:\n");
+ printf(" stroke purgecrl\n");
+ printf(" Purge X509 cache entries:\n");
+ printf(" stroke purgex509\n");
 printf(" Purge IKE_SAs without a CHILD_SA:\n");
 printf(" stroke purgeike\n");
 printf(" Export credentials to the console:\n");
@@ -508,6 +514,8 @@ int main(int argc, char *argv[])
 res = reread(token->kw);
 break;
 case STROKE_PURGE_OCSP:
+ case STROKE_PURGE_CRL:
+ case STROKE_PURGE_X509:
 case STROKE_PURGE_IKE:
 res = purge(token->kw);
 break;
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index a57415e92..71e67c31e 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -49,6 +49,8 @@ typedef enum {
 STROKE_REREAD_CRLS,
 STROKE_REREAD_ALL,
 STROKE_PURGE_OCSP,
+ STROKE_PURGE_CRL,
+ STROKE_PURGE_X509,
 STROKE_PURGE_IKE,
 STROKE_EXPORT_X509,
 STROKE_LEASES,
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index 7633da457..099038c2b 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -56,6 +56,8 @@ rereadacerts, STROKE_REREAD_ACERTS
 rereadcrls, STROKE_REREAD_CRLS
 rereadall, STROKE_REREAD_ALL
 purgeocsp, STROKE_PURGE_OCSP
+purgecrl, STROKE_PURGE_CRL
+purgex509, STROKE_PURGE_X509
 purgeike, STROKE_PURGE_IKE
 exportx509, STROKE_EXPORT_X509
 leases, STROKE_LEASES
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 1abaf6c61..64d9aa7b9 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -107,6 +107,10 @@ enum purge_flag_t {
 PURGE_OCSP = 0x0001,
 /** purge IKE_SAs without a CHILD_SA */
 PURGE_IKE = 0x0002,
+ /** purge CRL cache entries */
+ PURGE_CRL = 0x0004,
+ /** purge X509 cache entries */
+ PURGE_X509 = 0x0008,
 };

 typedef enum export_flag_t export_flag_t; |
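Review bot: The doc comment `/** purge X509 cache entries */` on `PURGE_X509` in stroke_msg.h does not say which cache is meant, and an operator could read it as dropping loaded certificates. The handler in stroke_socket.c only calls the credential manager's `flush_cache` with `CERT_X509`, so the comment should probably say so, for example `/** flush cached X.509 entries in the credential manager; loaded certificates are kept (confirm) */`. The same applies to the `PURGE_CRL` comment and to the usage lines added in exit_usage. The values `0x0004` and `0x0008` are appended after `PURGE_IKE`, which keeps the existing flag values stable.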