sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

testing: Fix ikev2/two-certs scenario

Browse Source 
Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities.  So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
This commit is contained in:
Tobias Brunner 2017-05-26 13:49:51 +02:00
parent 4366494d72
commit 0da10b73ad
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testing/tests/ikev2/two-certs/evaltest.dat
View File

@ -2,7 +2,7 @@ moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongs
moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES
moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::NO
moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES
moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES