summaryrefslogtreecommitdiff
path: root/testing/tests/ikev1/multi-level-ca
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/ikev1/multi-level-ca')
-rw-r--r--testing/tests/ikev1/multi-level-ca/evaltest.dat30
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf10
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf10
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf5
7 files changed, 35 insertions, 35 deletions
diff --git a/testing/tests/ikev1/multi-level-ca/evaltest.dat b/testing/tests/ikev1/multi-level-ca/evaltest.dat
index 72f620b8e..ede771fb6 100644
--- a/testing/tests/ikev1/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev1/multi-level-ca/evaltest.dat
@@ -1,12 +1,18 @@
-carol::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES
-moon::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES
-dave::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES
-moon::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES
+carol::cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
index d11724c28..3df94ba2d 100755..100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
conn %default
ikelifetime=60m
@@ -17,6 +13,7 @@ conn %default
leftsendcert=ifasked
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
conn alice
rightsubnet=PH_IP_ALICE/32
@@ -25,8 +22,3 @@ conn alice
conn venus
rightsubnet=PH_IP_VENUS/32
auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
index 2d80aad8a..28389112a 100755..100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
conn %default
ikelifetime=60m
@@ -17,6 +13,7 @@ conn %default
leftsendcert=ifasked
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
conn alice
rightsubnet=PH_IP_ALICE/32
@@ -25,8 +22,3 @@ conn alice
conn venus
rightsubnet=PH_IP_VENUS/32
auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
index 9b97015fd..2dfd40f99 100755..100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
ca strongswan
cacert=strongswanCert.pem
@@ -33,4 +29,3 @@ conn venus
right=%any
rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
auto=add
-
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}