[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)

5 files changed, 24 insertions, 10 deletions

diff --git a/testing/tests/ikev2/ocsp-signer-cert/description.txt b/testing/tests/ikev2/ocsp-signer-cert/description.txt
index 492a9882b..7c7efb68e 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/description.txt
+++ b/testing/tests/ikev2/ocsp-signer-cert/description.txt
@@ -4,7 +4,7 @@ is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer ce
 issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b>
 in an authority information access extension pointing to <b>winnetou</b>. 
-Therefore no special ca section information is needed in ipsec.conf.
+Therefore no special ca section information is needed in moon's ipsec.conf.
 <p>
 <b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since
 the status of both certificates is <b>good</b>.
diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
index 4a8ffd412..f8bf0326a 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
@@ -1,13 +1,12 @@
-moon::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::received valid http response::YES
-carol::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
-carol::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
+moon::cat /var/log/daemon.log::requesting ocsp status::YES
+moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon::cat /var/log/daemon.log::ocsp response is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::requesting ocsp status::YES
+carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+carol::cat /var/log/daemon.log::ocsp response is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
 
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
index f8abd6b59..4011a6c17 100755
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
@@ -5,6 +5,11 @@ config setup
 	strictcrlpolicy=yes
 	plutostart=no
 
+ca strongswan
+	cacert=strongswanCert.pem
+	ocspuri=http://ocsp.strongswan.org:8880
+	auto=add
+
 conn %default
 	keyexchange=ikev2
 	ikelifetime=60m
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}