Import upstream release 5.2.1

7 files changed, 53 insertions, 30 deletions

diff --git a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
index dc937641c..f585edfca 100644
--- a/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
index dc937641c..f585edfca 100644
--- a/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
index 406c15700..e34a862d2 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
@@ -1,18 +1,18 @@
 -----BEGIN ATTRIBUTE CERTIFICATE-----
 MIIC+DCCAeACAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe
 pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG
 MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW
-MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIWCKrRUelL+kw
-IhgPMjAxNDAyMDcwODU4MTJaGA8yMDIyMDQyNjA4NTgxMlowIjAgBggrBgEFBQcK
+MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIOfmFTwtXXD0w
+IhgPMjAxNDEwMDMwOTU5MjBaGA8yMDI0MDkzMDA5NTkyMFowIjAgBggrBgEFBQcK
 BDEUMBIwEAwFc2FsZXMMB2ZpbmFuY2UwfzByBgNVHSMEazBpCwHqxzoCXPi2xMHh
 2q7CV/ZSsLChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJv
 bmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCCBVOfhWvHBdhMAkG
-A1UdOAQCBQAwDQYJKoZIhvcNAQEFBQADggEBADNSv52dbBOp30L0kJse9HqWMBaR
-SA5IDrF1FMLVZfI0Vb9XgEmk1SXAnMmPm7bfk+2w0Rd1jL7D905nel3LXuvohSR9
-wd4Vo8XX3WUlzNfjUEFFJb0nU2ybr7SmxF+K4wGnhvBAym2y/hNA0glp2hNjYTds
-g+RUpM4bSqP5DpUfRBl19VHeEu/OymoACOzuHuNc1IndYM1mkSJYumX6YW60DpF/
-TaK1So3FyEWucHeoFCziNbclrjWwB8OS3JfCOl95rxu+0JhyWc+3x1E50W8DaAnY
-ZRyYxDjYT9/E9xyzV45yo0xFODIgDgfKMsDjfUmfny3dTesdFUf3Ar3vTfA=
+A1UdOAQCBQAwDQYJKoZIhvcNAQEFBQADggEBAB4yDhtbNt9fqE/RBDQCgK7iPifx
+cA4r/xkMgF1pd1CnWEMf3xdNWJ8veICYurnFuP02KzyUB7aqkIdf6T9wBesQIfBV
+QiBmUSP2Du3+d+rhA2vJPAtbJ7dUQy/1CAIqGaLpnfN4q9GevFG4aTeD6bxZhKgU
+73o6899XVCcuc5Hs1Q1Cj6v7+WRXazSTLXnR1D9Q6NqmbY0sigOLnqj4fDUWmUB7
+mtxQ8MJ/YwS3x/0agqnBdsX+AxGh4pVgLtQA0swh10enqjnEpQYh/2MN/vdiZany
+bne4Wow6AP5Re6+VNTsIea3vxShfEjzLcU4hbrJATZgY8pfhQ6zBW9EeuCg=
 -----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
index 2f646c39d..b31fcab9f 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
@@ -1,18 +1,18 @@
 -----BEGIN ATTRIBUTE CERTIFICATE-----
 MIIC9DCCAdwCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
 pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
 BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
 RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCCPxWgWKmOUM
-MCIYDzIwMTQwMjA3MDg1OTM3WhgPMjAyMjA0MjYwODU5MzdaMB0wGwYIKwYBBQUH
+FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCDDfVDwIujJW
+MCIYDzIwMTQxMDAzMTAwMTU3WhgPMjAyNDA5MzAxMDAxNTdaMB0wGwYIKwYBBQUH
 CgQxDzANMAsMCW1hcmtldGluZzB/MHIGA1UdIwRrMGkLAerHOgJc+LbEweHarsJX
 9lKwsKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
 YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIIFU5+Fa8cF2EwCQYDVR04
-BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAThlKhGVv34sfnCSQn6nYUdxMhboTuC98
-+DgvTQ/tH0hddCJNg00SpO8AbStwEsqHFaSqFzAGHcMk+XUrBRSGszAwg8nKAKfT
-MCvJbK6lWQcPF0WPSSk9/r1TLan4I9xhneNIIGQf1fnNo7NrQnmhJjolUgXQNwFA
-qZgKBsk0jWcOSvI0bpK90km5flCHn/OA1rDCdaPuMwreDhvNDoApORYFPZVsLhid
-CXSqT+FWfm2NfegS+Q4VHP3YLbY4vLepCerU9aMTUIPit0kf1N8piG/l6AUno1XP
-VrcTvruQUWQb08H9aYt7l7kyhzOKkuXjVbdn5egZnK0m4WKmV50guA==
+BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAgA8NaLekpYA1Sr/8MxUeAhTJd5fxeIME
+uGiMpWUEginzkC3YOgzB5hLHTRvcIwtbkVn4HMyVZ2t3ccG30PSjBTOaUeKoZsL0
+psucfiCxIfk4H3yxncqEFOCxqvRgqHARCAeolqP8tsrpJp80fRIlgXJKJfhCSDJP
+Qe+bBI/3ZorBFtQl+Mtc0bxf1SIfXNC2yPHyFIDAvroNE9KxHYXfR/7s6HuoPJl6
+pk0In/jO5YkiiaFdVBSbhAqyWkhPBoryWVHOUgl6fC/7U5SjYdf+85XHFjYzTm2k
+iChkqmrdkJJNjqYQgcY9Qah/KW9Nl5upMF/xuKI2cA68XXJeEpe1xQ==
 -----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
index d42038469..77f530539 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
@@ -1,18 +1,18 @@
 -----BEGIN ATTRIBUTE CERTIFICATE-----
 MIIC8DCCAdgCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp
-bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf
+bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf
 pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR
 BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg
 RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
-FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCEuGbFvrRrtr
-MCIYDzIwMTQwMjA3MDgwMTE3WhgPMjAxNDAyMDcwOTAxMTdaMBkwFwYIKwYBBQUH
+FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCDKmYal/LdaN
+MCIYDzIwMTMwMTAxMDYwMDAwWhgPMjAxMzAxMTEwNjAwMDBaMBkwFwYIKwYBBQUH
 CgQxCzAJMAcMBXNhbGVzMH8wcgYDVR0jBGswaQsB6sc6Alz4tsTB4dquwlf2UrCw
 oUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEb
 MBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBgggVTn4VrxwXYTAJBgNVHTgEAgUA
-MA0GCSqGSIb3DQEBBQUAA4IBAQBYnOq716FJ079kXAt8vmi2GpEyyCqSBqqjr0lR
-X9mGQqWKmpj88ZP61tCooCy8HaJsgKBvedKJHJ4e/YxR+fqBDkT4apFu4wX8P/xh
-yKy6/RMAdTtkwVTE6flXdQryCQ/PGhSMuwwH/URFg65mixAatyyaoat4+mZ506u3
-F9ZZXkHPP4nZXAJqYjLLcNXPqC4lGoXXT+9dgsm6RLAdnBXT1GGff9tmqt9CcspW
-XPjoqy9AxNr6FnItvMGw0CC6MPyVOJImlSxdhFW7waZkpNfmGzRdylXMwHXk8PbW
-gjmlDUbyWquu8xBlpron3X/Jx3YNGVNrhgfZLlmhzCRouMqc
+MA0GCSqGSIb3DQEBBQUAA4IBAQDFbTwtd9XoCNfoweLRyUEkLvygczUcqxwiV0sE
+SUqo6ZIEY/jdtvvvWhvdO1kZo7oZpLXNgElrGoPdsQ6IhgTSpNdyE4JdFd60KwQk
+l8MWaJHyZm7HzFHqu2v2uPYOSpZaHBJFryU9ULkOvlzJILX/J6KtM7/2p+jetIFC
+s6yFBhtBYnih8U3Xyv+g1Q9g3EkosNvjUoz/qiWUsNkvLY7apanAyUxQ54YPXmB1
+OCgomdNLY94OIQDM9VBjSlrnCPMDI/uYZ6jbMczvKI/OypZtqiO0vwQkuXBi2UZy
+WBDOk42oHOvlpjcnL3zkd5spyuxs9f8ABy875660zs+CI3Cv
 -----END ATTRIBUTE CERTIFICATE-----
diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
index cd836a2b7..bae8628f3 100644
--- a/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation acert hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/acert-cached/reissue.txt b/testing/tests/ikev2/acert-cached/reissue.txt
new file mode 100644
index 000000000..6ab98f12a
--- /dev/null
+++ b/testing/tests/ikev2/acert-cached/reissue.txt
@@ -0,0 +1,23 @@
+# Carols acert for sales and finance
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales --group finance -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+
+# Daves acert for marketing
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group marketing -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves expired acert for sales
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group sales -F "01.01.13 08:00:00" -l 240 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem