From 05ddd767992d68bb38c7f16ece142e8c2e9ae016 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@corsac.net>
Date: Sat, 1 Apr 2017 16:26:44 +0200
Subject: New upstream version 5.5.2

---
 testing/tests/swanctl/ocsp-disabled/description.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 testing/tests/swanctl/ocsp-disabled/description.txt

(limited to 'testing/tests/swanctl/ocsp-disabled/description.txt')

diff --git a/testing/tests/swanctl/ocsp-disabled/description.txt b/testing/tests/swanctl/ocsp-disabled/description.txt
new file mode 100644
index 000000000..4875229ff
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/description.txt
@@ -0,0 +1,10 @@
+By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
+both roadwarrior <b>carol</b> and gateway <b>moon</b>. 
+Client <b>carol</b>'s certificate includes an <b>OCSP URI</b> in an authority information
+access extension pointing to <b>winnetou</b>. Gateway <b>moon</b>'s certificate doesn't 
+contain any such extensions but <b>carol</b>'s swanctl.conf contains a corresponding
+authorities section. With the directive <b>charon.plugins.revocation.enable_ocsp = no</b>
+in strongswan.conf all OCSP fetching is disabled and a fallback to CRL fetching occurs. 
+<p/>
+<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since
+the status of both certificates is <b>good</b>.
-- 
cgit v1.2.3