From 3c4d38344309f716253a95a3a243b3153faafcac Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 1 Oct 2012 14:22:54 +0200
Subject: [PATCH] Added an option to reload certificates from PKCS#11 tokens on SIGHUP
---
 man/strongswan.conf.5.in | 3 +++
 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 16 ++++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index c4bd6a8..1ffc38e 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -734,6 +734,9 @@ ENGINE ID to use in the OpenSSL plugin
 .BR libstrongswan.plugins.pkcs11.modules
 List of available PKCS#11 modules
 .TP
+.BR libstrongswan.plugins.pkcs11.reload_certs " [no]"
+Reload certificates from all tokens if charon receives a SIGHUP
+.TP
 .BR libstrongswan.plugins.pkcs11.use_dh " [no]"
 Whether the PKCS#11 modules should be used for DH and ECDH (see use_ecc option)
 .TP
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 183fce5..b88ba63 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -160,6 +160,21 @@ static bool handle_certs(private_pkcs11_plugin_t *this,
 }
 return TRUE;
 }
+
+METHOD(plugin_t, reload, bool,
+ private_pkcs11_plugin_t *this)
+{
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.reload_certs", FALSE))
+ {
+ DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens");
+ handle_certs(this, NULL, FALSE, NULL);
+ handle_certs(this, NULL, TRUE, NULL);
+ return TRUE;
+ }
+ return FALSE;
+}
+
 /**
 * Add a set of features
 */
@@ -292,6 +307,7 @@ plugin_t *pkcs11_plugin_create()
 .plugin = {
 .get_name = _get_name,
 .get_features = _get_features,
+ .reload = _reload,
 .destroy = _destroy,
 },
 },
--
2.7.4
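Review bot: In the new `reload` method the two `handle_certs()` calls run back to back with their return values discarded, so the method returns TRUE whatever the re-registration did; ending the branch with `return handle_certs(this, NULL, TRUE, NULL);` would keep the result. Assuming the FALSE call unregisters the token certificates (the body of `handle_certs` lies outside the hunk, only its final `return TRUE;` is visible), there is a window between the two calls in which authentication on other threads finds no PKCS#11 certificates. A comment on the method should state that, for example `/* unload all token certificates, then load them again; lookups in between see none */`. It is also worth confirming that `handle_certs` serialises against whatever else modifies the credential list, since SIGHUP can now trigger it at any time.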