From: Martin Willi <martin@revosec.ch>
Date: Fri, 6 Feb 2015 11:22:32 +0000 (+0100)
Subject: stroke: Purge existing CA/AA certificates during reread
X-Git-Tag: 5.3.0dr1~47^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aba46b104ec0e3e8555f51af2a718ab7f528dde9;p=thirdparty%2Fstrongswan.git

stroke: Purge existing CA/AA certificates during reread
---

diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 31d9e07232..1f021027d6 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -1381,6 +1381,8 @@ METHOD(stroke_cred_t, reread, void,
 	{
 		DBG1(DBG_CFG, "rereading ca certificates from '%s'",
 			 CA_CERTIFICATE_DIR);
+		this->cacerts->clear(this->cacerts);
+		lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
 		load_certdir(this, CA_CERTIFICATE_DIR, CERT_X509, X509_CA);
 	}
 	if (msg->reread.flags & REREAD_OCSPCERTS)
@@ -1394,6 +1396,8 @@ METHOD(stroke_cred_t, reread, void,
 	{
 		DBG1(DBG_CFG, "rereading aa certificates from '%s'",
 			 AA_CERTIFICATE_DIR);
+		this->aacerts->clear(this->aacerts);
+		lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
 		load_certdir(this, AA_CERTIFICATE_DIR, CERT_X509, X509_AA);
 	}
 	if (msg->reread.flags & REREAD_ACERTS)