sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
strongswan/testing/tests/ikev2/ocsp-disabled/description.txt
Andreas Steffen 7c5a2974b9 testing: Reorganizing IKEv1 and IKEv2 examples 
For documentation purposes the new folders ikev1-algs, ikev2-algs,
ikev1-multi-ca and ikev2-multi-ca have been created. Most of the
test cases have now been converted to the vici interface. The
remaining legacy stroke scenarios yet to be converted have been put
into the ikev2-stroke-bye folder.

For documentation purposes some legacy stroke scenarios will be kept
in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
2021-05-21 09:42:50 +02:00

11 lines
713 B
Plaintext
Raw Blame History

By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
both roadwarrior <b>carol</b> and gateway <b>moon</b>.
Client <b>carol</b>'s certificate includes an <b>OCSP URI</b> in an authority information
access extension pointing to <b>winnetou</b>. Gateway <b>moon</b>'s certificate doesn't
contain any such extensions but <b>carol</b>'s swanctl.conf contains a corresponding
authorities section. With the directive <b>charon.plugins.revocation.enable_ocsp = no</b>
in strongswan.conf all OCSP fetching is disabled and a fallback to CRL fetching occurs.
<p/>
<b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since
the status of both certificates is <b>good</b>.
Reference in New Issue View Git Blame Copy Permalink