authorYves-Alexis Perez <corsac@corsac.net>2017-04-01 16:26:44 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-04-01 16:26:44 +0200
commitdc9380af81fbce8e1a9532b07bc671b9d346101b (patch)
tree219f7df0b01243ac1c41c7f679d1b4c6aef36b27 /src/libstrongswan/credentials/sets/cert_cache.c
parent212c0ba74c0e453497b840f9cd131ec99f73754a (diff)
parent05ddd767992d68bb38c7f16ece142e8c2e9ae016 (diff)
downloadvyos-strongswan-dc9380af81fbce8e1a9532b07bc671b9d346101b.tar.gz
vyos-strongswan-dc9380af81fbce8e1a9532b07bc671b9d346101b.zip
Merge tag 'upstream/5.5.2'
Upstream version 5.5.2
Diffstat (limited to 'src/libstrongswan/credentials/sets/cert_cache.c')
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c41
1 files changed, 40 insertions, 1 deletions
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 60720dc57..24fdb194b 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -20,6 +21,7 @@
#include <library.h>
#include <threading/rwlock.h>
#include <collections/linked_list.h>
+#include <credentials/certificates/crl.h>
/** cache size, a power of 2 for fast modulo */
#define CACHE_SIZE 32
@@ -88,6 +90,43 @@ static void cache(private_cert_cache_t *this,
int i, offset, try;
u_int total_hits = 0;
+ /* cache a CRL by replacing a previous CRL cache entry if present */
+ if (subject->get_type(subject) == CERT_X509_CRL)
+ {
+ crl_t *crl, *cached_crl;
+
+ /* cache a delta CRL ? */
+ crl = (crl_t*)subject;
+
+ for (i = 0; i < CACHE_SIZE; i++)
+ {
+ rel = &this->relations[i];
+
+ if (rel->subject &&
+ rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->lock->try_write_lock(rel->lock))
+ {
+ /* double-check having lock */
+ if (rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
+ rel->issuer->equals(rel->issuer, issuer))
+ {
+ cached_crl = (crl_t*)rel->subject;
+
+ if (cached_crl->is_delta_crl(cached_crl, NULL) ==
+ crl->is_delta_crl(crl, NULL) &&
+ crl_is_newer(crl, cached_crl))
+ {
+ rel->subject->destroy(rel->subject);
+ rel->subject = subject->get_ref(subject);
+ rel->scheme = scheme;
+ return rel->lock->unlock(rel->lock);
+ }
+ }
+ rel->lock->unlock(rel->lock);
+ }
+ }
+ }
+
/* check for a unused relation slot first */
for (i = 0; i < CACHE_SIZE; i++)
{
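Review bot: The pre-check in the new CRL loop calls `rel->subject->get_type(rel->subject)` before `try_write_lock()` has succeeded, while the same block destroys and swaps `rel->subject` under that write lock, so a second thread caching a CRL may release the object the first thread is still calling through. The re-check under the lock also dereferences `rel->subject` without testing it for NULL, which matters if any other writer (not visible in this hunk) can empty a slot in between. I would keep only the pointer test outside the lock, `if (rel->subject && rel->lock->try_write_lock(rel->lock))`, and begin the locked re-check with `if (rel->subject && rel->subject->get_type(rel->subject) == CERT_X509_CRL &&`. Separately, `return rel->lock->unlock(rel->lock);` returns an expression from a function declared `static void`; an unlock call followed by a bare `return;` is cleaner. cache() starts before this hunk and continues past it.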