diff options
Diffstat (limited to 'testing/tests/swanctl/ocsp-disabled/description.txt')
| -rw-r--r-- | testing/tests/swanctl/ocsp-disabled/description.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/testing/tests/swanctl/ocsp-disabled/description.txt b/testing/tests/swanctl/ocsp-disabled/description.txt new file mode 100644 index 000000000..4875229ff --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/description.txt @@ -0,0 +1,10 @@ +By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on +both roadwarrior <b>carol</b> and gateway <b>moon</b>. +Client <b>carol</b>'s certificate includes an <b>OCSP URI</b> in an authority information +access extension pointing to <b>winnetou</b>. Gateway <b>moon</b>'s certificate doesn't +contain any such extensions but <b>carol</b>'s swanctl.conf contains a corresponding +authorities section. With the directive <b>charon.plugins.revocation.enable_ocsp = no</b> +in strongswan.conf all OCSP fetching is disabled and a fallback to CRL fetching occurs. +<p/> +<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since +the status of both certificates is <b>good</b>. |