modified description.txt and evaltest.dat

diff --git a/testing/tests/ikev2/ocsp-revoked/description.txt b/testing/tests/ikev2/ocsp-revoked/description.txt
index ead076a04643889583ecf387efb07590a50b0d3d..73d0725492bd4f9e6013190d8a14350065cbdbf6 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/description.txt
+++ b/testing/tests/ikev2/ocsp-revoked/description.txt
@@ -1,7 +1,7 @@
 By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
 both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
 is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
-issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
+issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. A strongswan <b>ca</b> section in ipsec.conf defines an
 <b>OCSP URI</b> pointing to <b>winnetou</b>.
 <p>

diff --git a/testing/tests/ikev2/ocsp-revoked/evaltest.dat b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
index 1d9d760cdecb8b01aace9a2607b957ebffcde874..eacb70c4043d05f854846dd89d0f12fdd2807c46 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
@@ -1,6 +1,6 @@
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO

diff --git a/testing/tests/ikev2/ocsp-signer-cert/description.txt b/testing/tests/ikev2/ocsp-signer-cert/description.txt
index 300d75a62ea898370270c0208026234b6ad531b1..492a9882b0116e0ba92f0f1995599623af8ab642 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/description.txt
+++ b/testing/tests/ikev2/ocsp-signer-cert/description.txt
@@ -1,7 +1,7 @@
 By setting <b>strictcrlpolicy=yes</b>, a <b>strict</b> CRL policy is enforced on
 both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
 is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer certificate
-issued by the strongSwan CA. This certificate contains an <b>OCSPSigner</b>
+issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b>
 in an authority information access extension pointing to <b>winnetou</b>. 
 Therefore no special ca section information is needed in ipsec.conf.

diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
index ffe9c551554505a40c94f0461e760bf6725629f6..4a8ffd412ce2bbcaeea46d4f5f9684b2382e7d0e 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::received valid http response::YES
 carol::cat /var/log/daemon.log::received valid http response::YES
+moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+carol::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
+moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
+carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 moon::cat /var/log/daemon.log::certificate is good::YES
 carol::cat /var/log/daemon.log::certificate is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES