Added an option to reload certificates from PKCS#11 tokens on SIGHUP

diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index c4bd6a8..1ffc38e 100644 (file)
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -734,6 +734,9 @@ ENGINE ID to use in the OpenSSL plugin
 .BR libstrongswan.plugins.pkcs11.modules
 List of available PKCS#11 modules
 .TP
+.BR libstrongswan.plugins.pkcs11.reload_certs " [no]"
+Reload certificates from all tokens if charon receives a SIGHUP
+.TP
 .BR libstrongswan.plugins.pkcs11.use_dh " [no]"
 Whether the PKCS#11 modules should be used for DH and ECDH (see use_ecc option)
 .TP

diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 183fce5..b88ba63 100644 (file)
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -160,6 +160,21 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
        }
        return TRUE;
 }
+
+METHOD(plugin_t, reload, bool,
+       private_pkcs11_plugin_t *this)
+{
+       if (lib->settings->get_bool(lib->settings,
+                                       "libstrongswan.plugins.pkcs11.reload_certs", FALSE))
+       {
+               DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
+               handle_certs(this, NULL, FALSE, NULL);
+               handle_certs(this, NULL, TRUE, NULL);
+               return TRUE;
+       }
+       return FALSE;
+}
+
 /**
  * Add a set of features
  */
@@ -292,6 +307,7 @@ plugin_t *pkcs11_plugin_create()
                        .plugin = {
                                .get_name = _get_name,
                                .get_features = _get_features,
+                               .reload = _reload,
                                .destroy = _destroy,
                        },
                },