diff options
| author | Martin Willi <martin@strongswan.org> | 2009-04-14 10:34:24 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-04-14 10:34:24 +0000 |
| commit | a44bb9345f0482b3dace19a27ee40320ddadc75f (patch) | |
| tree | 34d75bd95b2868900213e13c31ddd892d2fd4904 /testing/tests/ikev2/multi-level-ca-cr-resp | |
| parent | 6e5c8d9413234b18a0631cddadd973a9f509708b (diff) | |
| download | strongswan-a44bb9345f0482b3dace19a27ee40320ddadc75f.tar.bz2 strongswan-a44bb9345f0482b3dace19a27ee40320ddadc75f.tar.xz | |
merged multi-auth branch back into trunk
Diffstat (limited to 'testing/tests/ikev2/multi-level-ca-cr-resp')
3 files changed, 9 insertions, 11 deletions
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/description.txt b/testing/tests/ikev2/multi-level-ca-cr-resp/description.txt index b26c8c5d0..06f9f6b91 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/description.txt +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/description.txt @@ -1,8 +1,6 @@ -The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and -<b>venus</b> by means of two different Intermediate CAs. Access to -<b>alice</b> is granted to users presenting a certificate issued by the Research CA -whereas <b>venus</b> can only be reached with a certificate issued by the -Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from -the Research CA and Sales CA, respectively. Responder <b>moon</b> does not possess +The VPN gateway <b>moon</b> grants access to the hosts <b>alice</b> and +<b>venus</b> to anyone presenting a certificate belonging to a trust chain anchored +in the strongSwan Root CA. The hosts <b>carol</b> and <b>dave</b> have certificates from +the intermediate Research CA and Sales CA, respectively. Responder <b>moon</b> does not possess copies of the Research and Sales CA certificates and must therefore request them from -the initiators <b>carol</b> and <b>dave</b>. +the initiators <b>carol</b> and <b>dave</b>, respectively. diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat index d2453bbee..4b827b4dd 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat @@ -7,6 +7,6 @@ moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES +moon::ipsec status::alice.*INSTALLED::YES dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES +moon::ipsec status::venus.*INSTALLED::YES diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf index d0240a333..75138581e 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf @@ -24,11 +24,11 @@ conn %default conn alice leftsubnet=PH_IP_ALICE/32 right=%any - rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" + rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA" auto=add conn venus leftsubnet=PH_IP_VENUS/32 right=%any - rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" + rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA" auto=add |