X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=src%2Fcharon%2Fcredentials%2Fcredential_set.h;h=6a973e991a40811f07c59d109ba4e4d8597f8811;hp=a4e891a84d2ecc3f6cb51229ab25466ac851f46a;hb=dbb24102d46ec61848562cdafad505219d1959b2;hpb=552cc11b1f017ce4962fca741f567d098f768574;ds=sidebyside

diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h
index a4e891a..6a973e9 100644
--- a/src/charon/credentials/credential_set.h
+++ b/src/charon/credentials/credential_set.h
@@ -36,6 +36,13 @@ typedef struct credential_set_t credential_set_t;
  * Enumerators are used because queries might return multiple matches.
  * Filter parameters restrict enumeration over specific items only.
  * See credential_manager_t for an overview of the credential framework.
+ *
+ * A credential set enumerator may not block the credential set, i.e. multiple
+ * threads must be able to hold multiple enumerators, as the credential manager
+ * is higly parallelized. The best way to achieve this is by using shared
+ * read locks for the enumerators only. Otherwiese deadlocks will occur.
+ * The writing cache_cert() routine is called by the manager only if no
+ * enumerator is alive, so it is save to use a write lock there.
  */
 struct credential_set_t {
 	
@@ -87,7 +94,17 @@ struct credential_set_t {
 	 * @return			an enumerator over CDPs as char*
 	 */
 	enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
-						certificate_type_t type, identification_t *id);	
+						certificate_type_t type, identification_t *id);
+	
+	/**
+	 * Cache a certificate in the credential set.
+	 *
+	 * The caching policy is implementation dependent, the sets may cache the
+	 * certificate in-memory, persistent on disk or not at all.
+	 *
+	 * @param cert		certificate to cache
+	 */
+	void (*cache_cert)(credential_set_t *this, certificate_t *cert);	
 };
 
 #endif /* CREDENTIAL_SET_H_ @} */