3 files changed, 7 insertions, 3 deletions

diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
index a0b6d681f..b47403756 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received ocsp signer certificate is not trusted - rejected::YES
-moon::cat /var/log/daemon.log::certificate status unknown::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from::YES
+moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES
+moon::cat /var/log/daemon.log::ocsp response verification failed::YES
+moon::cat /var/log/daemon.log::certificate status is not available::YES
+moon::cat /var/log/daemon.log::constraint check failed.*VALIDATION_FAILED.*VALIDATION_GOOD::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
index c6d6235f9..1af117cf0 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
@@ -1,2 +1,3 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::iptables -F
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
index d92333d86..afb64c3ed 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
@@ -1,3 +1,4 @@
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
 moon::ipsec start
 carol::ipsec start
 carol::sleep 2