stroke: Serve ca section CA certificates directly, not over central CA set
authorMartin Willi <martin@revosec.ch>
Fri, 6 Feb 2015 11:43:33 +0000 (12:43 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 3 Mar 2015 12:50:26 +0000 (13:50 +0100)
commit11c14bd2f516975670d9f04c51b54438730fa64d
treea23aa3009be8f3e0a7012a21026edfc1c9448a37
parentef2c61bc9279a3f7880df67d6af12b785c94694a
stroke: Serve ca section CA certificates directly, not over central CA set

This makes these CA certificates independent from the purge issued by reread
commands. Certificates loaded by CA sections can be removed through ipsec.conf
update/reread, while CA certificates loaded implicitly from ipsec.d/cacerts
can individually be reread using ipsec rereadcacerts.
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/plugins/stroke/stroke_cred.c
src/libcharon/plugins/stroke/stroke_cred.h