modified description.txt and evaltest.dat

2007-03-14 13:00:55 +00:00 · 2007-03-14 13:00:55 +00:00 · b1894cdd92
parent 1e93d77153
commit b1894cdd92
4 changed files with 8 additions and 6 deletions
--- a/testing/tests/ikev2/ocsp-revoked/description.txt
+++ b/testing/tests/ikev2/ocsp-revoked/description.txt
@ -1,7 +1,7 @@
 By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
 both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
 is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
-issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
+issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. A strongswan <b>ca</b> section in ipsec.conf defines an
 <b>OCSP URI</b> pointing to <b>winnetou</b>.
 <p>
--- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
@ -1,6 +1,6 @@
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
--- a/testing/tests/ikev2/ocsp-signer-cert/description.txt
+++ b/testing/tests/ikev2/ocsp-signer-cert/description.txt
@ -1,7 +1,7 @@
 By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
 both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
 is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
-issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
+issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b>
 in an authority information access extension pointing to <b>winnetou</b>. 
 Therefore no special ca section information is needed in ipsec.conf.
--- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
@ -1,9 +1,11 @@
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::received valid http response::YES
 carol::cat /var/log/daemon.log::received valid http response::YES
+moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+carol::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
+carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::certificate is good::YES
 carol::cat /var/log/daemon.log::certificate is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES