delay OCSP response by 5 seconds

2 files changed, 19 insertions, 1 deletions

diff --git a/testing/tests/ikev2/ocsp-timeouts/description.txt b/testing/tests/ikev2/ocsp-timeouts/description.txt
index 3e29fe4c6..9ee5db95b 100644
--- a/testing/tests/ikev2/ocsp-timeouts/description.txt
+++ b/testing/tests/ikev2/ocsp-timeouts/description.txt
@@ -3,4 +3,8 @@ and tests the timeouts of the <b>libcurl</b> library used for http-based OCSP fe
 by adding an ocspuri2 in <b>moon</b>'s strongswan ca section that cannot be resolved by
 <b>DNS</b> and an ocspuri2 in <b>carol</b>'s strongswan ca section on which no
 OCSP server is listening. Thanks to timeouts the connection can nevertheless
-be established successfully. 
+be established successfully by contacting a valid OCSP URI contained in
+<b>carol</b>'s certificate.
+<p>
+As an additional test the OCSP response is delayed by 5 seconds in order to check
+the correct handling of retransmitted IKE_AUTH messages.
diff --git a/testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
new file mode 100755
index 000000000..92aa920aa
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /etc/openssl
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+# simulate a delayed response
+sleep 5 
+
+/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+                      -rkey ocspKey.pem -rsigner ocspCert.pem \
+		      -nmin 5 \
+		      -reqin /dev/stdin -respout /dev/stdout