mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
7c5a2974b9
For documentation purposes the new folders ikev1-algs, ikev2-algs, ikev1-multi-ca and ikev2-multi-ca have been created. Most of the test cases have now been converted to the vici interface. The remaining legacy stroke scenarios yet to be converted have been put into the ikev2-stroke-bye folder. For documentation purposes some legacy stroke scenarios will be kept in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
11 lines
689 B
Plaintext
11 lines
689 B
Plaintext
This scenario is based on <a href="../ocsp-signer-cert">ikev2/ocsp-signer-cert</a>
|
|
and tests the timeouts of the <b>libcurl</b> library used for http-based OCSP fetching
|
|
by adding an ocsp_uris entry in <b>moon</b>'s strongswan authority section that cannot
|
|
be resolved by <b>DNS</b> and an ocsp_uris entry in <b>carol</b>'s strongswan authority
|
|
section on which no OCSP server is listening. Thanks to timeouts the connection can
|
|
nevertheless be established successfully by contacting a valid OCSP URI contained in
|
|
<b>carol</b>'s certificate.
|
|
<p>
|
|
As an additional test the OCSP response is delayed by a few seconds in order to check
|
|
the correct handling of retransmitted IKE_AUTH messages.
|