[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)

5 files changed, 23 insertions, 1 deletions

diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat
index 6cb0bd8ae..e4eafe966 100644
--- a/testing/tests/ikev2/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat
@@ -1,12 +1,20 @@
+moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
 carol::ipsec status::alice.*INSTALLED::YES
 moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
 carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 carol::ipsec status::venus.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Sales CA::YES
 moon::cat /var/log/daemon.log::traffic selectors PH_IP_VENUS/32 === PH_IP_CAROL/32.*inacceptable::YES
 moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
 dave::ipsec status::venus.*INSTALLED::YES
 moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
 dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 dave::ipsec status::alice.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
 moon::cat /var/log/daemon.log::traffic selectors PH_IP_ALICE/32 === PH_IP_DAVE/32.*inacceptable::YES
 moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
index e1ee6e8d6..d0240a333 100755
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	charondebug="cfg 2"
 	crlcheckinterval=180
 	strictcrlpolicy=no
 	plutostart=no
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}