diff options
Diffstat (limited to 'testing/tests/ikev2/ocsp-timeouts-good/description.txt')
| -rw-r--r-- | testing/tests/ikev2/ocsp-timeouts-good/description.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/description.txt b/testing/tests/ikev2/ocsp-timeouts-good/description.txt new file mode 100644 index 000000000..9ee5db95b --- /dev/null +++ b/testing/tests/ikev2/ocsp-timeouts-good/description.txt @@ -0,0 +1,10 @@ +This scenario is based on <a href="../ocsp-signer-cert">ikev2/ocsp-signer-cert</a> +and tests the timeouts of the <b>libcurl</b> library used for http-based OCSP fetching +by adding an ocspuri2 in <b>moon</b>'s strongswan ca section that cannot be resolved by +<b>DNS</b> and an ocspuri2 in <b>carol</b>'s strongswan ca section on which no +OCSP server is listening. Thanks to timeouts the connection can nevertheless +be established successfully by contacting a valid OCSP URI contained in +<b>carol</b>'s certificate. +<p> +As an additional test the OCSP response is delayed by 5 seconds in order to check +the correct handling of retransmitted IKE_AUTH messages. |