diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-01-02 14:32:46 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-01-02 14:34:39 +0100 |
commit | 91a4a4aa8335c9ff99db85551749ec03eb717462 (patch) | |
tree | 7459924f920eaac01c8b1e3c8058217f30bd1be0 /testing/tests/swanctl/ocsp-disabled/hosts | |
parent | db0953d41fee94ffd578a73e35968aa0f18001fa (diff) | |
download | strongswan-91a4a4aa8335c9ff99db85551749ec03eb717462.tar.bz2 strongswan-91a4a4aa8335c9ff99db85551749ec03eb717462.tar.xz |
testing: Added swanctl/ocsp-disabled scenario
Diffstat (limited to 'testing/tests/swanctl/ocsp-disabled/hosts')
6 files changed, 213 insertions, 0 deletions
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..e3eb4e36d --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf @@ -0,0 +1,16 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + auths = /usr/local/sbin/swanctl --load-authorities + } + plugins { + revocation { + enable_ocsp = no + } + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..d6a762b1b --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw +hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6 +DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3 +8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd +UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4 +Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t +exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ +AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY +V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid +GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E +cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98 +bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI +KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J +xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC +NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH +cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy +iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf +ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD +fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y +hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee +USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E +0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn +gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs +0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO +6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf new file mode 100644 index 000000000..4b19e9384 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + revocation = strict + } + children { + home { + remote_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-curve25519 + } + } + version = 2 + proposals = aes128-sha256-curve25519 + } +} + +authorities { + + strongswan { + cacert = strongswanCert.pem + ocsp_uris = http://ocsp.strongswan.org:8880 + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem new file mode 100644 index 000000000..a1c57b0f0 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/swanctl/x509/carolCert.pem @@ -0,0 +1,95 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 39 (0x27) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA + Validity + Not Before: Mar 15 06:42:00 2012 GMT + Not After : Mar 14 06:42:00 2017 GMT + Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a: + e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40: + 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24: + 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c: + 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31: + 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58: + ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5: + 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5: + ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56: + a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80: + 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1: + 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0: + 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92: + 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4: + ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13: + 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61: + 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89: + ff:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Subject Key Identifier: + C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6 + X509v3 Authority Key Identifier: + keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF + DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA + serial:00 + + X509v3 Subject Alternative Name: + email:carol@strongswan.org + Authority Information Access: + OCSP - URI:http://ocsp.strongswan.org:8880 + + X509v3 CRL Distribution Points: + URI:http://crl.strongswan.org/strongswan.crl + + Signature Algorithm: sha256WithRSAEncryption + b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89: + 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb: + 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77: + 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16: + 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6: + bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae: + cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc: + fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a: + 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57: + da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69: + 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1: + 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b: + 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21: + d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb: + 07:4f:b7:8e +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax +HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf +uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG +8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb +oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV +M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO +wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa +dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry +b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u +b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry +b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2 +Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH +vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE +hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk +SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC +RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm +RJoItIWNUgCY78sHT7eO +-----END CERTIFICATE----- diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..3912f5e07 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default + + start-scripts { + creds = /usr/local/sbin/swanctl --load-creds + conns = /usr/local/sbin/swanctl --load-conns + } + plugins { + revocation { + enable_ocsp = no + } + } +} diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..7593ab087 --- /dev/null +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + revocation = strict + } + children { + net { + local_ts = 10.1.0.0/16 + + esp_proposals = aes128gcm128-curve25519 + } + } + version = 2 + proposals = aes128-sha256-curve25519 + } +} |