diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
| commit | 7585facf05d927eb6df3929ce09ed5e60d905437 (patch) | |
| tree | e4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | |
| parent | c1343b3278cdf99533b7902744d15969f9d6fdc1 (diff) | |
| download | vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip | |
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c')
| -rw-r--r-- | src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 42 |
1 files changed, 34 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 183fce53a..9afaf123a 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -19,8 +19,8 @@ #include "pkcs11_plugin.h" #include <library.h> -#include <debug.h> -#include <utils/linked_list.h> +#include <utils/debug.h> +#include <collections/linked_list.h> #include <threading/mutex.h> #include <threading/rwlock.h> @@ -82,13 +82,18 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, this->handle_events_lock->read_lock(this->handle_events_lock); if (add && this->handle_events) { - creds = pkcs11_creds_create(p11, slot); - if (creds) + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.modules.%s.load_certs", + TRUE, p11->get_name(p11))) { - this->mutex->lock(this->mutex); - this->creds->insert_last(this->creds, creds); - this->mutex->unlock(this->mutex); - lib->credmgr->add_set(lib->credmgr, &creds->set); + creds = pkcs11_creds_create(p11, slot); + if (creds) + { + this->mutex->lock(this->mutex); + this->creds->insert_last(this->creds, creds); + this->mutex->unlock(this->mutex); + lib->credmgr->add_set(lib->credmgr, &creds->set); + } } } else if (this->handle_events) @@ -147,6 +152,9 @@ static bool handle_certs(private_pkcs11_plugin_t *this, token_event_cb(this, p11, slot, TRUE); } enumerator->destroy(enumerator); + + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, + CERT_X509, FALSE, (void*)pkcs11_creds_load); } else { @@ -157,9 +165,26 @@ static bool handle_certs(private_pkcs11_plugin_t *this, lib->credmgr->remove_set(lib->credmgr, &creds->set); creds->destroy(creds); } + + lib->creds->remove_builder(lib->creds, (void*)pkcs11_creds_load); } return TRUE; } + +METHOD(plugin_t, reload, bool, + private_pkcs11_plugin_t *this) +{ + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.reload_certs", FALSE)) + { + DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens"); + handle_certs(this, NULL, FALSE, NULL); + handle_certs(this, NULL, TRUE, NULL); + return TRUE; + } + return FALSE; +} + /** * Add a set of features */ @@ -292,6 +317,7 @@ plugin_t *pkcs11_plugin_create() .plugin = { .get_name = _get_name, .get_features = _get_features, + .reload = _reload, .destroy = _destroy, }, }, |