testing: Use a single OCSP responder for ikev2-multi-ca/ocsp-signers scenario

author Tobias Brunner <tobias@strongswan.org>

Tue, 7 Nov 2023 10:21:14 +0000 (11:21 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 13 Nov 2023 11:50:47 +0000 (12:50 +0100)
author Tobias Brunner <tobias@strongswan.org>
Tue, 7 Nov 2023 10:21:14 +0000 (11:21 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 13 Nov 2023 11:50:47 +0000 (12:50 +0100)
diff --git a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf

index c5beb2cde9cb95e4f520e1f3f022210ed57c1c3d..fb6e7cb9f65c31c00144e43e89307dfd5dfe54ea 100755 (executable)
--- a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
@@ -11,11 +11,11 @@ connections {
        remote {
           auth = pubkey
           cacerts = researchCert.pem
-         revocation = ifuri 
+         revocation = ifuri
        }
        children {
           alice {
-            local_ts  = 10.1.0.10/32 
+            local_ts  = 10.1.0.10/32
              esp_proposals = aes128-sha256-ecp256
           }
        }
@@ -34,7 +34,7 @@ connections {
        remote {
           auth = pubkey
           cacerts = salesCert.pem
-         revocation = ifuri 
+         revocation = ifuri
        }
        children {
           venus {
@@ -56,11 +56,11 @@ authorities {
  
     research {
        cacert = researchCert.pem
-      ocsp_uris = http://ocsp.strongswan.org:8881
+      ocsp_uris = http://ocsp.strongswan.org:8880
     }
  
     sales {
        cacert = salesCert.pem
-      ocsp_uris = http://ocsp.strongswan.org:8882
+      ocsp_uris = http://ocsp.strongswan.org:8880
     }
  }
diff --git a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi

new file mode 100644 (file)

index 0000000..f094244
--- /dev/null
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+cd /etc/ca
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | pki --ocsp --respond \
+                 --cacert strongswanCert.pem --index index.txt \
+                 --cert ocspCert.pem --key ocspKey.pem \
+                 --cacert research/researchCert.pem --index research/index.txt \
+                 --cert research/ocspCert.pem --key research/ocspKey.pem \
+                 --cacert sales/salesCert.pem --index sales/index.txt \
+                 --cert sales/ocspCert.pem --key sales/ocspKey.pem \
+                 --lifetime 5 --debug 0
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 7 Nov 2023 10:21:14 +0000 (11:21 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 13 Nov 2023 11:50:47 +0000 (12:50 +0100)
testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf		patch \| blob \| blame \| history
testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi	[new file with mode: 0644]	patch \| blob