diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 13:49:51 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 13:55:32 +0200 |
| commit | 0da10b73addd8c181bed0772c7eac32d28d8af77 (patch) | |
| tree | bc4de00b193d986ae95515efd9a6b8e21487b859 /testing/tests/ikev2 | |
| parent | 4366494d72c58ab6a926f60b1639d3e76e5c9213 (diff) | |
| download | strongswan-0da10b73addd8c181bed0772c7eac32d28d8af77.tar.bz2 strongswan-0da10b73addd8c181bed0772c7eac32d28d8af77.tar.xz | |
testing: Fix ikev2/two-certs scenario
Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities. So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
Diffstat (limited to 'testing/tests/ikev2')
| -rw-r--r-- | testing/tests/ikev2/two-certs/evaltest.dat | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat index 422c76e2e..41601102f 100644 --- a/testing/tests/ikev2/two-certs/evaltest.dat +++ b/testing/tests/ikev2/two-certs/evaltest.dat @@ -2,7 +2,7 @@ moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongs moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES -moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES +moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::NO moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES |