stroke: Change how CA certificates are stored
authorTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 13:29:33 +0000 (15:29 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 17:33:41 +0000 (19:33 +0200)
commit517cc501ef6a3f20278352acb825abe97b5c1263
tree7bebfef9093d7a224051dd1e22df6683b5d2f33f
parent01d3ecbaf0e5dfa20a3338984a22d30dc7546df9
stroke: Change how CA certificates are stored

Since 11c14bd2f5 CA certificates referenced in ca sections were
enumerated by two credential sets if they were also stored in
ipsec.d/cacerts.  This caused duplicate certificate requests to
get sent.  All CA certificates, whether loaded automatically or
via a ca section, are now stored in stroke_ca_t.

Certificates referenced in ca sections are now also reloaded
when `ipsec rereadcacerts` is used.
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/plugins/stroke/stroke_ca.h
src/libcharon/plugins/stroke/stroke_cred.c
src/libcharon/plugins/stroke/stroke_cred.h
src/libcharon/plugins/stroke/stroke_socket.c