From b0d8ed94fe9e74afb49fdf5f11e4add29879c65c Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer <rene@mayrhofer.eu.org>
Date: Thu, 12 Apr 2007 20:30:08 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.1)

---
 testing/tests/ikev2/ocsp-revoked/description.txt | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 testing/tests/ikev2/ocsp-revoked/description.txt

(limited to 'testing/tests/ikev2/ocsp-revoked/description.txt')

diff --git a/testing/tests/ikev2/ocsp-revoked/description.txt b/testing/tests/ikev2/ocsp-revoked/description.txt
new file mode 100644
index 000000000..73d072549
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-revoked/description.txt
@@ -0,0 +1,9 @@
+By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
+both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
+is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
+issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
+extended key usage flag. A strongswan <b>ca</b> section in ipsec.conf defines an
+<b>OCSP URI</b> pointing to <b>winnetou</b>.
+<p>
+<b>carol</b> tries to initiate an IPsec connection to <b>moon</b> but fails 
+because <b>carol</b>'s certificate has been <b>revoked</b>.
-- 
cgit v1.2.3