fixed test scenarios
This commit is contained in:
parent
ea4563d93f
commit
221a64e4f7
|
@ -1,6 +1,6 @@
|
|||
By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
|
||||
both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
|
||||
the connection and only an expired CRL cache file in <b>/etc/ipsec.d/crls</b> is
|
||||
availabl, an ldap fetch to get the CRL from the LDAP server <b>winnetou</b> is
|
||||
available, an ldap fetch to get the CRL from the LDAP server <b>winnetou</b> is
|
||||
successfully started and the IKE authentication completes. The new CRL is again
|
||||
cached locally as a file in <b>/etc/ipsec.d/crls</b> due to the <b>cachecrls=yes</b> option.
|
||||
|
|
|
@ -8,7 +8,7 @@ config setup
|
|||
|
||||
ca strongswan
|
||||
cacert=strongswanCert.pem
|
||||
crluri="ldap://ldap1.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
|
||||
crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
|
||||
auto=add
|
||||
|
||||
conn %default
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
strictcrlpolicy=yes
|
||||
plutostart=no
|
||||
|
||||
ca strongswan
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
strictcrlpolicy=yes
|
||||
plutostart=no
|
||||
|
||||
ca strongswan
|
||||
|
|
Loading…
Reference in New Issue