testing: Use a single OCSP responder for ikev2-multi-ca/ocsp-signers scenario

This demonstrates the multi-CA capabilities of the pki --ocsp command.
2025-10-04 00:00:14 -04:00 · 2023-11-07 11:21:14 +01:00 · 2023-11-07 11:21:14 +01:00 · 801c6c32e5
commit 801c6c32e5
parent c10a13589e
2 changed files with 20 additions and 5 deletions
--- a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
@ -56,11 +56,11 @@ authorities {

   research {
      cacert = researchCert.pem
-      ocsp_uris = http://ocsp.strongswan.org:8881
+      ocsp_uris = http://ocsp.strongswan.org:8880
   }

   sales {
      cacert = salesCert.pem
-      ocsp_uris = http://ocsp.strongswan.org:8882
+      ocsp_uris = http://ocsp.strongswan.org:8880
   }
 }
--- a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@ -0,0 +1,15 @@
+#!/bin/bash
+
+cd /etc/ca
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | pki --ocsp --respond \
+		  --cacert strongswanCert.pem --index index.txt \
+		  --cert ocspCert.pem --key ocspKey.pem \
+		  --cacert research/researchCert.pem --index research/index.txt \
+		  --cert research/ocspCert.pem --key research/ocspKey.pem \
+		  --cacert sales/salesCert.pem --index sales/index.txt \
+		  --cert sales/ocspCert.pem --key sales/ocspKey.pem \
+		  --lifetime 5 --debug 0