Added an option to reload certificates from PKCS#11 tokens on SIGHUP

Tobias Brunner 2012-10-01 14:22:54 +02:00
parent ca1c2ee281
commit 3c4d383443
2 changed files with 19 additions and 0 deletions


@ -734,6 +734,9 @@ ENGINE ID to use in the OpenSSL plugin
.BR libstrongswan.plugins.pkcs11.modules
List of available PKCS#11 modules
.TP
.BR libstrongswan.plugins.pkcs11.reload_certs " [no]"
Reload certificates from all tokens if charon receives a SIGHUP
.TP
.BR libstrongswan.plugins.pkcs11.use_dh " [no]"
Whether the PKCS#11 modules should be used for DH and ECDH (see use_ecc option)
.TP


@ -160,6 +160,21 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
}
return TRUE;
}
METHOD(plugin_t, reload, bool,
private_pkcs11_plugin_t *this)
{
if (lib->settings->get_bool(lib->settings,
"libstrongswan.plugins.pkcs11.reload_certs", FALSE))
{
DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
handle_certs(this, NULL, FALSE, NULL);
handle_certs(this, NULL, TRUE, NULL);
return TRUE;
}
return FALSE;
}
/**
* Add a set of features
*/
@ -292,6 +307,7 @@ plugin_t *pkcs11_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
.reload = _reload,
.destroy = _destroy,
},
},
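Review bot: In the new `reload` method, both `handle_certs` calls discard their `bool` result and the method returns TRUE whenever `reload_certs` is set, so a reload that failed to re-read a token would still be reported as successful. From the argument pattern, the first call (`FALSE`) presumably drops the token certificates currently loaded and the second (`TRUE`) enumerates the tokens again; the body of `handle_certs` starts outside the hunk, so this is inferred. If that is right, there is a window after SIGHUP in which concurrent lookups find no token certificates, and a token that is absent at that moment stays unloaded until the next reload. I would state this above the calls, e.g. `/* drop the current token certificates, then enumerate all tokens again; lookups may see neither set in between */`, and, if `handle_certs` can actually report failure, end the branch with `return handle_certs(this, NULL, TRUE, NULL);` instead of the unconditional `return TRUE;`.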