vici: flush-certs command flushes certificate cache
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 8 Sep 2016 09:59:02 +0000 (11:59 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 13 Sep 2016 15:02:59 +0000 (17:02 +0200)
commit2c7cfe76303bce498ce302da31bc1e028a6af53a
tree293197bdf8582e733fdc9c81d705e11d6fefdb4e
parent8efcc78f2b1c5a231fda6a2bfe401c0afafc4697
vici:  flush-certs command flushes certificate cache

When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows to flush e.g. cached CRLs or OCSP
responses only. Without the type argument all kind of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
src/libcharon/plugins/vici/README.md
src/libcharon/plugins/vici/perl/Vici-Session/README.pod
src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
src/libcharon/plugins/vici/python/vici/session.py
src/libcharon/plugins/vici/ruby/lib/vici.rb
src/libcharon/plugins/vici/vici_cred.c
src/swanctl/Makefile.am
src/swanctl/command.h
src/swanctl/commands/flush_certs.c [new file with mode: 0644]