tls: support to reinitialise ca_chain wo restart

Type: improvement

Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4

2 files changed, 8 insertions, 0 deletions

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index becd29f20e0..14495b2c77e 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -398,6 +398,12 @@ tls_ctx_handshake_is_over (tls_ctx_t * ctx)
   return tls_vfts[ctx->tls_ctx_engine].ctx_handshake_is_over (ctx);
 }
 
+int
+tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id)
+{
+  return tls_vfts[tls_engine_id].ctx_reinit_cachain ();
+}
+
 void
 tls_notify_app_io_error (tls_ctx_t *ctx)
 {
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 54798e0230f..4a5da15a88f 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -125,6 +125,7 @@ typedef struct tls_engine_vft_
   int (*ctx_stop_listen) (tls_ctx_t * ctx);
   int (*ctx_transport_close) (tls_ctx_t * ctx);
   int (*ctx_app_close) (tls_ctx_t * ctx);
+  int (*ctx_reinit_cachain) (void);
 } tls_engine_vft_t;
 
 tls_main_t *vnet_tls_get_main (void);
@@ -139,6 +140,7 @@ int tls_notify_app_connected (tls_ctx_t * ctx, session_error_t err);
 void tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session);
 void tls_notify_app_io_error (tls_ctx_t *ctx);
 void tls_disconnect_transport (tls_ctx_t * ctx);
+int tls_reinit_ca_chain (crypto_engine_type_t tls_engine_id);
 #endif /* SRC_VNET_TLS_TLS_H_ */
 
 /*