diff options
Diffstat (limited to 'testing/tests/ikev1/multi-level-ca')
-rw-r--r-- | testing/tests/ikev1/multi-level-ca/evaltest.dat | 30 | ||||
-rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf | 10 | ||||
-rw-r--r-- | testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf | 5 | ||||
-rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf | 10 | ||||
-rw-r--r-- | testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf | 5 | ||||
-rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf | 5 | ||||
-rw-r--r-- | testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf | 5 |
7 files changed, 35 insertions, 35 deletions
diff --git a/testing/tests/ikev1/multi-level-ca/evaltest.dat b/testing/tests/ikev1/multi-level-ca/evaltest.dat index 72f620b8e..ede771fb6 100644 --- a/testing/tests/ikev1/multi-level-ca/evaltest.dat +++ b/testing/tests/ikev1/multi-level-ca/evaltest.dat @@ -1,12 +1,18 @@ -carol::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES -moon::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES -dave::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES -moon::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES -carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO -moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO -dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES -dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO -moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES +carol::cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES +carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES +moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf index d11724c28..3df94ba2d 100755..100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -17,6 +13,7 @@ conn %default leftsendcert=ifasked right=PH_IP_MOON rightid=@moon.strongswan.org + rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA" conn alice rightsubnet=PH_IP_ALICE/32 @@ -25,8 +22,3 @@ conn alice conn venus rightsubnet=PH_IP_VENUS/32 auto=add - - - - - diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..85d8c191f --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default +} diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf index 2d80aad8a..28389112a 100755..100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -17,6 +13,7 @@ conn %default leftsendcert=ifasked right=PH_IP_MOON rightid=@moon.strongswan.org + rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA" conn alice rightsubnet=PH_IP_ALICE/32 @@ -25,8 +22,3 @@ conn alice conn venus rightsubnet=PH_IP_VENUS/32 auto=add - - - - - diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..85d8c191f --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default +} diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf index 9b97015fd..2dfd40f99 100755..100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no ca strongswan cacert=strongswanCert.pem @@ -33,4 +29,3 @@ conn venus right=%any rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" auto=add - diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..85d8c191f --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default +} |