diff options
Diffstat (limited to 'testing/tests/ikev2/two-certs/description.txt')
| -rw-r--r-- | testing/tests/ikev2/two-certs/description.txt | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/testing/tests/ikev2/two-certs/description.txt b/testing/tests/ikev2/two-certs/description.txt index 46ca8fec1..94ffaa487 100644 --- a/testing/tests/ikev2/two-certs/description.txt +++ b/testing/tests/ikev2/two-certs/description.txt @@ -1,6 +1,7 @@ -The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each -to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. -Gateway <b>moon</b> has already loaded a revoked certificate for <b>carol</b> -and a self-signed certificate for <b>dave</b> locally but gets actual certificates -as CERT payloads from both peers. The RSA signature verification process tries all -candidate peer certificates until it finds a valid one with a matching public key. +The roadwarrior <b>carol</b> possesses two different X.509 certificates plus +matching RSA private keys. With the first certificate <b>carol</b> authenticates +a tunnel connection to gateway <b>moon</b> in order to reach client <b>alice</b> +and presents the second certificate in order to reach client <b>venus</b> using +the identity <b>carol@strongswan.org</b> for both IKE security associations. +Therefore the RSA signature verification process on <b>moon</b> tries all +candidate peer certificates until it finds the correct RSA public key. |