}
}
+METHOD(credential_manager_t, issued_by, bool,
+ private_credential_manager_t *this, certificate_t *subject,
+ certificate_t *issuer, signature_scheme_t *scheme)
+{
+ if (this->cache)
+ {
+ return this->cache->issued_by(this->cache, subject, issuer, scheme);
+ }
+ return subject->issued_by(subject, issuer, scheme);
+}
+
METHOD(credential_manager_t, cache_cert, void,
private_credential_manager_t *this, certificate_t *cert)
{
subject->get_issuer(subject), trusted);
while (enumerator->enumerate(enumerator, &candidate))
{
- if (this->cache->issued_by(this->cache, subject, candidate, scheme))
+ if (issued_by(this, subject, candidate, scheme))
{
issuer = candidate->get_ref(candidate);
break;
if (issuer)
{
/* accept only self-signed CAs as trust anchor */
- if (this->cache->issued_by(this->cache, issuer, issuer, NULL))
+ if (issued_by(this, issuer, issuer, NULL))
{
auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer));
DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"",
/* if we find a trusted self signed certificate, we just accept it.
* However, in order to fulfill authorization rules, we try to build
* the trust chain if it is not self signed */
- if (this->this->cache->issued_by(this->this->cache,
- this->pretrusted, this->pretrusted, NULL) ||
+ if (issued_by(this->this, this->pretrusted, this->pretrusted, NULL) ||
verify_trust_chain(this->this, this->pretrusted, this->auth,
TRUE, this->online))
{
}
else
{
- if (!has_anchor &&
- this->cache->issued_by(this->cache, current, current, NULL))
+ if (!has_anchor && issued_by(this, current, current, NULL))
{ /* If no trust anchor specified, accept any CA */
trustchain->add(trustchain, AUTH_RULE_CA_CERT, current);
return trustchain;
METHOD(credential_manager_t, flush_cache, void,
private_credential_manager_t *this, certificate_type_t type)
{
- this->cache->flush(this->cache, type);
-}
-
-METHOD(credential_manager_t, issued_by, bool,
- private_credential_manager_t *this, certificate_t *subject,
- certificate_t *issuer, signature_scheme_t *scheme)
-{
- return this->cache->issued_by(this->cache, subject, issuer, scheme);
+ if (this->cache)
+ {
+ this->cache->flush(this->cache, type);
+ }
}
METHOD(credential_manager_t, add_set, void,
{
cache_queue(this);
this->cache_queue->destroy(this->cache_queue);
- this->sets->remove(this->sets, this->cache, NULL);
+ if (this->cache)
+ {
+ this->sets->remove(this->sets, this->cache, NULL);
+ this->cache->destroy(this->cache);
+ }
this->sets->destroy(this->sets);
this->local_sets->destroy(this->local_sets);
this->exclusive_local_sets->destroy(this->exclusive_local_sets);
- this->cache->destroy(this->cache);
this->validators->destroy(this->validators);
this->lock->destroy(this->lock);
this->queue_mutex->destroy(this->queue_mutex);
},
.sets = linked_list_create(),
.validators = linked_list_create(),
- .cache = cert_cache_create(),
.cache_queue = linked_list_create(),
.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
.queue_mutex = mutex_create(MUTEX_TYPE_DEFAULT),
this->local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
this->exclusive_local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy);
- this->sets->insert_first(this->sets, this->cache);
+ if (lib->settings->get_bool(lib->settings, "libstrongswan.cert_cache", TRUE))
+ {
+ this->cache = cert_cache_create();
+ this->sets->insert_first(this->sets, this->cache);
+ }
return &this->public;
}
projects / thirdparty / strongswan.git / commitdiff
