aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/swanctl/ocsp-disabled/hosts
diff options
context:
space:
mode:
authorAndreas Steffen <andreas.steffen@strongswan.org>2017-01-02 14:32:46 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2017-01-02 14:34:39 +0100
commit91a4a4aa8335c9ff99db85551749ec03eb717462 (patch)
tree7459924f920eaac01c8b1e3c8058217f30bd1be0 /testing/tests/swanctl/ocsp-disabled/hosts
parentdb0953d41fee94ffd578a73e35968aa0f18001fa (diff)
downloadstrongswan-91a4a4aa8335c9ff99db85551749ec03eb717462.tar.bz2
strongswan-91a4a4aa8335c9ff99db85551749ec03eb717462.tar.xz
testing: Added swanctl/ocsp-disabled scenario
Diffstat (limited to 'testing/tests/swanctl/ocsp-disabled/hosts')
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf16
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem27
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem95
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf15
-rwxr-xr-xtesting/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf25
6 files changed, 213 insertions, 0 deletions
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..e3eb4e36d
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,16 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ auths = /usr/local/sbin/swanctl --load-authorities
+ }
+ plugins {
+ revocation {
+ enable_ocsp = no
+ }
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..d6a762b1b
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw
+hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6
+DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3
+8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd
+UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4
+Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t
+exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ
+AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY
+V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid
+GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E
+cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98
+bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI
+KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J
+xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC
+NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH
+cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy
+iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf
+ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD
+fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y
+hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee
+USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E
+0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn
+gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs
+0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO
+6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..4b19e9384
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ revocation = strict
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ esp_proposals = aes128gcm128-curve25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-curve25519
+ }
+}
+
+authorities {
+
+ strongswan {
+ cacert = strongswanCert.pem
+ ocsp_uris = http://ocsp.strongswan.org:8880
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem
new file mode 100644
index 000000000..a1c57b0f0
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem
@@ -0,0 +1,95 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 39 (0x27)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA
+ Validity
+ Not Before: Mar 15 06:42:00 2012 GMT
+ Not After : Mar 14 06:42:00 2017 GMT
+ Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a:
+ e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40:
+ 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24:
+ 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c:
+ 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31:
+ 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58:
+ ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5:
+ 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5:
+ ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56:
+ a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80:
+ 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1:
+ 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0:
+ 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92:
+ 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4:
+ ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13:
+ 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61:
+ 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89:
+ ff:89
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Subject Key Identifier:
+ C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6
+ X509v3 Authority Key Identifier:
+ keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF
+ DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA
+ serial:00
+
+ X509v3 Subject Alternative Name:
+ email:carol@strongswan.org
+ Authority Information Access:
+ OCSP - URI:http://ocsp.strongswan.org:8880
+
+ X509v3 CRL Distribution Points:
+ URI:http://crl.strongswan.org/strongswan.crl
+
+ Signature Algorithm: sha256WithRSAEncryption
+ b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89:
+ 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb:
+ 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77:
+ 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16:
+ 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6:
+ bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae:
+ cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc:
+ fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a:
+ 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57:
+ da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69:
+ 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1:
+ 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b:
+ 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21:
+ d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb:
+ 07:4f:b7:8e
+-----BEGIN CERTIFICATE-----
+MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax
+HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf
+uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG
+8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb
+oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV
+M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO
+wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD
+VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa
+dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD
+VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry
+b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u
+b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry
+b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0
+cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2
+Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH
+vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE
+hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk
+SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC
+RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm
+RJoItIWNUgCY78sHT7eO
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3912f5e07
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ plugins {
+ revocation {
+ enable_ocsp = no
+ }
+ }
+}
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7593ab087
--- /dev/null
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ revocation = strict
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ esp_proposals = aes128gcm128-curve25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-curve25519
+ }
+}