testing: Script building fresh certificates

diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
index fb9e984241f6fed28cf224fedff9a6d873688f34..d160c3eb8bf15254b4477e10739059803a712335 100644 (file)
--- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
+++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf
@@ -6,11 +6,11 @@ AddHandler cgi-script .cgi
 
 <VirtualHost *:8880>
     ServerAdmin  root@strongswan.org
-    DocumentRoot /etc/openssl/ocsp
+    DocumentRoot /etc/ca/ocsp
     ServerName   ocsp.strongswan.org
     ServerAlias         192.168.0.150
     DirectoryIndex ocsp.cgi
-    <Directory "/etc/openssl/ocsp">
+    <Directory "/etc/ca/ocsp">
         Options  +ExecCGI
         Require all granted
    </Directory>
@@ -22,11 +22,11 @@ Listen 8881
 
 <VirtualHost *:8881>
     ServerAdmin  root@research.strongswan.org
-    DocumentRoot /etc/openssl/research/ocsp
+    DocumentRoot /etc/ca/research/ocsp
     ServerName   ocsp.research.strongswan.org
     ServerAlias         ocsp.strongswan.org 192.168.0.150
     DirectoryIndex ocsp.cgi
-    <Directory "/etc/openssl/research/ocsp">
+    <Directory "/etc/ca/research/ocsp">
         Options +ExecCGI
         Require all granted
    </Directory>
@@ -38,11 +38,11 @@ Listen 8882
 
 <VirtualHost *:8882>
     ServerAdmin  root@sales.strongswan.org
-    DocumentRoot /etc/openssl/sales/ocsp
+    DocumentRoot /etc/ca/sales/ocsp
     ServerName   ocsp.sales.strongswan.org
     ServerAlias         ocsp.strongswan.org 192.168.0.150
     DirectoryIndex ocsp.cgi
-    <Directory "/etc/openssl/sales/ocsp">
+    <Directory "/etc/ca/sales/ocsp">
         Options +ExecCGI
         Require all granted
    </Directory>

diff --git a/testing/hosts/winnetou/etc/ca/generate-crl b/testing/hosts/winnetou/etc/ca/generate-crl
new file mode 100755 (executable)
index 0000000..39db1af
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/generate-crl
@@ -0,0 +1,133 @@
+#!/bin/bash
+
+export LEAK_DETECTIVE_DISABLE=1
+
+ROOT="/var/www"
+
+##
+# strongSwan Root CA
+cd /etc/ca
+
+# copy strongsSwan CA certificate
+cp strongswanCert.pem ${ROOT}
+cp strongswanCert.der ${ROOT}
+
+# generate CRL for strongSwan Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    --lastcrl strongswan.crl > ${ROOT}/strongswan.crl
+
+# revoke moon's current certificate
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    --reason key-compromise --serial 03 \
+    --lastcrl ${ROOT}/strongswan.crl > ${ROOT}/strongswan_moon_revoked.crl
+
+# generate a base CRL
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    --crluri http://crl.strongswan.org/strongswan_delta.crl \
+    --lastcrl strongswan.crl --lifetime 30 > ${ROOT}/strongswan_base.crl
+
+# generate a delta CRL revoking moon's current cert
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    --basecrl ${ROOT}/strongswan_base.crl --reason key-compromise \
+    --serial 03 --lifetime 15 > ${ROOT}/strongswan_delta.crl
+
+# generate Hash-and-URL certificates
+CERTS_DIR="${ROOT}/certs"
+for cert in `ls certs`
+do
+  openssl x509 -in certs/${cert} -outform der -out ${CERTS_DIR}/cert.der
+  mv ${CERTS_DIR}/cert.der ${CERTS_DIR}/`sha1sum ${CERTS_DIR}/cert.der | head -c 40`
+done
+
+##
+# Research CA
+cd /etc/ca/research
+
+# copy Research CA certificate
+cp researchCert.pem ${ROOT}
+cp researchCert.der ${ROOT}
+
+# generate CRL for Research CA
+pki --signcrl --cakey researchKey.pem --cacert researchCert.pem \
+    > ${ROOT}/research.crl
+
+# generate Hash-and-URL certificates
+CERTS_DIR="${ROOT}/certs/research"
+for cert in `ls certs`
+do
+  openssl x509 -in certs/${cert} -outform der -out ${CERTS_DIR}/cert.der
+  mv ${CERTS_DIR}/cert.der ${CERTS_DIR}/`sha1sum ${CERTS_DIR}/cert.der | head -c 40`
+done
+
+##
+# Sales CA
+cd /etc/ca/sales
+
+# copy Sales CA certificate
+cp salesCert.pem ${ROOT}
+cp salesCert.der ${ROOT}
+
+# generate CRL for Sales CA
+pki --signcrl --cakey salesKey.pem --cacert salesCert.pem \
+    > ${ROOT}/sales.crl
+
+# generate Hash-and-URL certificates
+CERTS_DIR="${ROOT}/certs/sales"
+for cert in `ls certs`
+do
+  openssl x509 -in certs/${cert} -outform der -out ${CERTS_DIR}/cert.der
+  mv ${CERTS_DIR}/cert.der ${CERTS_DIR}/`sha1sum ${CERTS_DIR}/cert.der | head -c 40`
+done
+
+##
+# strongSwan EC Root CA
+cd /etc/ca/ecdsa
+
+# copy ECDSA CA certificate
+cp strongswanCert.pem ${ROOT}/strongswan_ecdsaCert.pem
+openssl ec -in strongswanKey.pem -outform der -out ${ROOT}/strongswan_ecdsaCert.der
+chmod a+r ${ROOT}/strongswan_ecdsaCert.der
+
+# generate CRL for strongSwan EC Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    > ${ROOT}/strongswan_ecdsa.crl
+
+##
+# strongSwan RFC3779 Root CA
+cd /etc/ca/rfc3779
+
+# generate CRL for strongSwan RFC3779 Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    > ${ROOT}/strongswan_rfc3779.crl
+
+##
+# strongSwan SHA3-RSA Root CA
+cd /etc/ca/sha3-rsa
+
+# generate CRL for strongSwan SHA3-RSA Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    --digest sha3_256 > ${ROOT}/strongswan_sha3_rsa.crl
+
+##
+# strongSwan Ed25519 Root CA
+cd /etc/ca/ed25519
+
+# generate CRL for strongSwan Ed25519 Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    > ${ROOT}/strongswan_ed25519.crl
+
+##
+# strongSwan Monster Root CA
+cd /etc/ca/monster
+
+# generate CRL for strongSwan Monster Root CA
+pki --signcrl --cakey strongswanKey.pem --cacert strongswanCert.pem \
+    > ${ROOT}/strongswan_monster.crl
+
+##
+# strongSwan BlISS Root CA
+cd /etc/ca/bliss
+
+# generate CRL for strongSwan BLISS Root CA
+pki --signcrl --cakey strongswan_blissKey.der --cacert strongswan_blissCert.der \
+    --lifetime 30 --digest sha3_512 > ${ROOT}/strongswan_bliss.crl

diff --git a/testing/hosts/winnetou/etc/ca/index.html b/testing/hosts/winnetou/etc/ca/index.html
new file mode 100644 (file)
index 0000000..9de0590
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/index.html
@@ -0,0 +1,58 @@
+<html>
+<head>
+  <title>strongSwan Web Services</title>
+  <base target="_self">
+</head>
+
+<body bgcolor="#FFFFFF">
+<table border=0 cellpadding=0 cellspacing=0 width=600>
+
+<tr><td>
+  <h2>strongSwan Testing Environment</h2>
+  <ul>
+    <li>
+      <a href="testresults/">Test Results</a>
+    </li>
+  </ul>
+  <a href="images/umlArchitecture_large.png" target="_blank">
+    <img src="images/umlArchitecture_small.png" border="0">
+  </a>
+
+    <h2>strongSwan Certification Authorities</h2>
+  <ul>
+    <li>
+      <bold>Root CA: </bold>
+      <a href="strongswanCert.pem">PEM</a> ,
+      <a href="strongswanCert.der">DER</a> ,
+      <a href="strongswan.crl">CRL</a>
+    </li>
+  </ul>
+  <ul>
+    <li>
+      <bold>Research CA: </bold>
+      <a href="researchCert.pem">PEM</a> ,
+      <a href="researchCert.der">DER</a> ,
+      <a href="research.crl">CRL</a>
+    </li>
+  </ul>
+  <ul>
+    <li>
+      <bold>Sales CA: </bold>
+       <a href="salesCert.pem">PEM</a> ,
+      <a href="salesCert.der">DER</a> ,
+      <a href="sales.crl">CRL</a>
+    </li>
+  </ul>
+  <ul>
+    <li>
+      <bold>ECDSA CA: </bold>
+      <a href="strongswan_ecdsaCert.pem">PEM</a> ,
+      <a href="strongswan_ecdsaCert.der">DER</a> ,
+     <a href="strongswan_ecdsa.crl">CRL</a>
+    </li>
+  </ul>
+  <hr>
+  <address>The strongSwan Project (<a href="https://www.strongswan.org">www.strongswan.org</a>)</address>
+</td></tr>
+</table>
+</body>

diff --git a/testing/hosts/winnetou/etc/ca/index.txt.template b/testing/hosts/winnetou/etc/ca/index.txt.template
new file mode 100644 (file)
index 0000000..8feccc8
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/index.txt.template
@@ -0,0 +1,22 @@
+V      EE_EXPIRATION           01      unknown /C=CH/O=strongSwan Project/OU=Research/CN=carol@strongswan.org
+V      EE_EXPIRATION           02      unknown /C=CH/O=strongSwan Project/OU=Accounting/CN=dave@strongswan.org
+V      EE_EXPIRATION           03      unknown /C=CH/O=strongSwan Project/CN=moon.strongswan.org
+V      EE_EXPIRATION           04      unknown /C=CH/O=strongSwan Project/CN=sun.strongswan.org
+V      EE_EXPIRATION           05      unknown /C=CH/O=strongSwan Project/OU=Sales/CN=alice@strongswan.org
+V      EE_EXPIRATION           06      unknown /C=CH/O=strongSwan Project/CN=venus.strongswan.org
+V      EE_EXPIRATION           07      unknown /C=CH/O=strongSwan Project/OU=Research/CN=bob@strongswan.org
+R      EE_EXPIRATION   REVOCATION,keyCompromise        08      unknown /C=CH/O=strongSwan Project/OU=Research/CN=carol@strongswan.org
+V      EE_EXPIRATION           09      unknown /C=CH/O=strongSwan Project/OU=Research/serialNumber=002/CN=carol@strongswan.org
+R      IM_EXPIRATION   REVOCATION,CACompromise 0A      unknown /C=CH/O=strongSwan Project/OU=Research/CN=Research CA
+V      IM_EXPIRATION           0B      unknown /C=CH/O=strongSwan Project/OU=Research/CN=Research CA
+V      IM_EXPIRATION           0C      unknown /C=CH/O=strongSwan Project/OU=Sales/CN=Sales CA
+V      EE_EXPIRATION           0D      unknown /C=CH/O=strongSwan Project/OU=SHA-224/CN=moon.strongswan.org
+V      EE_EXPIRATION           0E      unknown /C=CH/O=strongSwan Project/OU=SHA-384/CN=carol@strongswan.org
+V      EE_EXPIRATION           0F      unknown /C=CH/O=strongSwan Project/OU=SHA-512/CN=dave@strongswan.org
+V      EE_EXPIRATION           10      unknown /C=CH/O=strongSwan Project/OU=OCSP/CN=carol@strongswan.org
+V      EE_EXPIRATION           11      unknown /C=CH/O=strongSwan Project/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V      EE_EXPIRATION           12      unknown /C=CH/O=strongSwan Project/OU=Virtual VPN Gateway/CN=mars.strongswan.org
+V      EE_EXPIRATION           13      unknown /C=CH/O=strongSwan Project/CN=winnetou.strongswan.org
+V      EE_EXPIRATION           14      unknown /C=CH/O=strongSwan Project/CN=aaa.strongswan.org
+V      IM_EXPIRATION           15      unknown /C=CH/O=strongSwan Project/CN=strongSwan Attribute Authority
+V      SH_EXPIRATION           16      unknown /C=CH/O=strongSwan Project/CN=strongSwan Legacy AA

diff --git a/testing/hosts/winnetou/etc/ca/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
new file mode 100755 (executable)
index 0000000..230bbf3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/ca
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey ocspKey.pem -rsigner ocspCert.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat

diff --git a/testing/hosts/winnetou/etc/ca/research/index.txt.template b/testing/hosts/winnetou/etc/ca/research/index.txt.template
new file mode 100644 (file)
index 0000000..f9ca26b
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/research/index.txt.template
@@ -0,0 +1,4 @@
+V      EE_EXPIRATION           01      unknown /C=CH/O=strongSwan Project/OU=Research/CN=carol@strongswan.org
+V      EE_EXPIRATION           02      unknown /C=CH/O=strongSwan Project/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
+V      EE_EXPIRATION           03      unknown /C=CH/O=strongSwan Project/OU=Sales/CN=Sales CA
+V      EE_EXPIRATION           04      unknown /C=CH/O=strongSwan Project/OU=Research/CN=Duck Research CA

diff --git a/testing/hosts/winnetou/etc/ca/research/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/ca/research/ocsp/ocsp.cgi
new file mode 100755 (executable)
index 0000000..4154f5d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/research/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/ca/research
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | /usr/bin/openssl ocsp -index index.txt -CA researchCert.pem \
+       -rkey ocspKey.pem -rsigner ocspCert.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat

diff --git a/testing/hosts/winnetou/etc/ca/sales/index.txt.template b/testing/hosts/winnetou/etc/ca/sales/index.txt.template
new file mode 100644 (file)
index 0000000..5bc935f
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/sales/index.txt.template
@@ -0,0 +1,3 @@
+V      EE_EXPIRATION           01      unknown /C=CH/O=strongSwan Project/OU=Sales/CN=dave@strongswan.org
+V      EE_EXPIRATION           02      unknown /C=CH/O=strongSwan Project/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
+V      EE_EXPIRATION           03      unknown /C=CH/O=strongSwan Project/OU=Research/CN=Research CA

diff --git a/testing/hosts/winnetou/etc/ca/sales/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/ca/sales/ocsp/ocsp.cgi
new file mode 100755 (executable)
index 0000000..05d304d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ca/sales/ocsp/ocsp.cgi
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /etc/ca/sales
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | /usr/bin/openssl ocsp -index index.txt -CA salesCert.pem \
+       -rkey ocspKey.pem -rsigner ocspCert.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat

diff --git a/testing/hosts/winnetou/etc/ldap/ldif.txt b/testing/hosts/winnetou/etc/ldap/ldif.txt
index d06621adb25a8b9acab757fd427d0999f57675e4..c3c27cc2f779fa01ac0227d18077d56343effc7a 100644 (file)
--- a/testing/hosts/winnetou/etc/ldap/ldif.txt
+++ b/testing/hosts/winnetou/etc/ldap/ldif.txt
@@ -1,39 +1,39 @@
-dn: o=Linux strongSwan, c=CH
+dn: o=strongSwan Project, c=CH
 objectclass: organization
-o: Linux strongSwan
+o: strongSwan Project
 
-dn: cn=Manager,o=Linux strongSwan, c=CH
+dn: cn=Manager,o=strongSwan Project, c=CH
 objectclass: organizationalRole
 cn: Manager
 
-dn: cn=strongSwan Root CA, o=Linux strongSwan, c=CH
+dn: cn=strongSwan Root CA, o=strongSwan Project, c=CH
 objectClass: organizationalRole
 cn: strongSwan Root CA
 objectClass: certificationAuthority
-authorityRevocationList;binary:< file:///etc/openssl/strongswan.crl
-certificateRevocationList;binary:< file:///etc/openssl/strongswan.crl
-cACertificate;binary:< file:///etc/openssl/strongswanCert.der
+authorityRevocationList;binary:< file:///var/www/strongswan.crl
+certificateRevocationList;binary:< file:///var/www/strongswan.crl
+cACertificate;binary:< file:///var/www/strongswanCert.der
 
-dn: ou=Research, o=Linux strongSwan, c=CH
+dn: ou=Research, o=strongSwan Project, c=CH
 objectclass: organizationalUnit
 ou: Research
 
-dn: cn=Research CA, ou=Research, o=Linux strongSwan, c=CH
+dn: cn=Research CA, ou=Research, o=strongSwan Project, c=CH
 objectClass: organizationalRole
 cn: Research CA
 objectClass: certificationAuthority
-authorityRevocationList;binary:< file:///etc/openssl/research/research.crl
-certificateRevocationList;binary:< file:///etc/openssl/research/research.crl
-cACertificate;binary:< file:///etc/openssl/research/researchCert.der
+authorityRevocationList;binary:< file:///var/www/research.crl
+certificateRevocationList;binary:< file:///var/www/research.crl
+cACertificate;binary:< file:///var/www/researchCert.der
 
-dn: ou=Sales, o=Linux strongSwan, c=CH
+dn: ou=Sales, o=strongSwan Project, c=CH
 objectclass: organizationalUnit
 ou: Sales
 
-dn: cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH
+dn: cn=Sales CA, ou=Sales, o=strongSwan Project, c=CH
 objectClass: organizationalRole
 cn: Sales CA
 objectClass: certificationAuthority
-authorityRevocationList;binary:< file:///etc/openssl/sales/sales.crl
-certificateRevocationList;binary:< file:///etc/openssl/sales/sales.crl
-cACertificate;binary:< file:///etc/openssl/sales/salesCert.der
+authorityRevocationList;binary:< file:///var/www/sales.crl
+certificateRevocationList;binary:< file:///var/www/sales.crl
+cACertificate;binary:< file:///var/www/salesCert.der

diff --git a/testing/hosts/winnetou/etc/ldap/slapd.conf b/testing/hosts/winnetou/etc/ldap/slapd.conf
index 103d4573f99cc4cde346b1cbffc32cf192ef459d..17a32c7f3a0407233a56a9f52b9e38cdfd22cea2 100644 (file)
--- a/testing/hosts/winnetou/etc/ldap/slapd.conf
+++ b/testing/hosts/winnetou/etc/ldap/slapd.conf
@@ -15,8 +15,8 @@ argsfile      /var/run/openldap/slapd.args
 #######################################################################
 
 database       bdb
-suffix         "o=Linux strongSwan,c=CH"
-rootdn         "cn=Manager,o=Linux strongSwan,c=CH"
+suffix         "o=strongSwan Project,c=CH"
+rootdn         "cn=Manager,o=strongSwan Project,c=CH"
 checkpoint     32      30
 rootpw         tuxmux
 directory      /var/lib/ldap

diff --git a/testing/hosts/winnetou/etc/openssl/index.html b/testing/hosts/winnetou/etc/openssl/index.html
deleted file mode 100644 (file)
index 8cbb2c4..0000000
--- a/testing/hosts/winnetou/etc/openssl/index.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<html>
-<head>
-  <title>strongSwan Web Services</title>
-  <base target="_self">
-</head>
-
-<body bgcolor="#FFFFFF">
-<table border=0 cellpadding=0 cellspacing=0 width=600>
-
-<tr><td>
-  <h2>strongSwan Certification Authority</h2>
-  <ul>
-    <li>
-      <a href="strongswanCert.pem">Root CA Certificate</a>
-    </li>
-  </ul>
-  <ul>
-    <li>
-      <a href="strongswan.crl">Certificate Revocation List (CRL)</a>
-    </li>
-  </ul>
-
-  <h2>strongSwan Testing Environment</h2>
-  <ul>
-    <li>
-      <a href="testresults/">Test Results</a>
-    </li>
-  </ul>
-  <a href="images/umlArchitecture_large.png" target="_blank">
-    <img src="images/umlArchitecture_small.png" border="0">
-  </a>
-  <hr>
-  <address>Linux strongSwan (<a href="http://www.strongswan.org">www.strongswan.org</a>)</address>
-</td></tr>
-</table>
-</body>

diff --git a/testing/hosts/winnetou/etc/strongswan.conf b/testing/hosts/winnetou/etc/strongswan.conf
index a69df79abdde7e0d3dd8a4b1d773f6c34d79c02d..ad718b599e849b03b652f032ed3f37a4f31bcc59 100644 (file)
--- a/testing/hosts/winnetou/etc/strongswan.conf
+++ b/testing/hosts/winnetou/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # strongswan.conf - strongSwan configuration file
 
 pki {
-  load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509
+  load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509 openssl
 }

diff --git a/testing/scripts/build-certs b/testing/scripts/build-certs
new file mode 100755 (executable)
index 0000000..649ea77
--- /dev/null
+++ b/testing/scripts/build-certs
@@ -0,0 +1,1585 @@
+#!/bin/bash
+
+echo "Building certificates"
+
+# Determine testing directory
+DIR="$(dirname `readlink -f $0`)/.."
+
+# Define some global variables
+PROJECT="strongSwan Project"
+CA_DIR="${DIR}/hosts/winnetou/etc/ca"
+CA_KEY="${CA_DIR}/strongswanKey.pem"
+CA_CERT="${CA_DIR}/strongswanCert.pem"
+CA_CRL="${CA_DIR}/strongswan.crl"
+CA_LAST_CRL="${CA_DIR}/strongswan_last.crl"
+CA_CDP="http://crl.strongswan.org/strongswan.crl"
+CA_BASE_CDP="http://crl.strongswan.org/strongswan_base.crl"
+CA_OCSP="http://ocsp.strongswan.org:8880"
+#
+START=`date  -d "-2 day"    "+%d.%m.%y %T"`
+SH_END=`date -d "-1 day"    "+%d.%m.%y %T"`    #  1 day
+CA_END=`date -d "+3651 day" "+%d.%m.%y %T"`    # 10 years
+IM_END=`date -d "+3286 day" "+%d.%m.%y %T"`    #  9 years
+EE_END=`date -d "+2920 day" "+%d.%m.%y %T"`    #  8 years
+SH_EXP=`date -d "-1 day"    "+%y%m%d%H%M%SZ"`  #  1 day
+IM_EXP=`date -d "+3286 day" "+%y%m%d%H%M%SZ"`  #  9 years
+EE_EXP=`date -d "+2920 day" "+%y%m%d%H%M%SZ"`  #  8 years
+NOW=`date "+%y%m%d%H%M%SZ"`
+#
+RESEARCH_DIR="${CA_DIR}/research"
+RESEARCH_KEY="${RESEARCH_DIR}/researchKey.pem"
+RESEARCH_CERT="${RESEARCH_DIR}/researchCert.pem"
+RESEARCH_CDP="http://crl.strongswan.org/research.crl"
+#
+SALES_DIR="${CA_DIR}/sales"
+SALES_KEY="${SALES_DIR}/salesKey.pem"
+SALES_CERT="${SALES_DIR}/salesCert.pem"
+SALES_CDP="http://crl.strongswan.org/sales.crl"
+#
+DUCK_DIR="${CA_DIR}/duck"
+DUCK_KEY="${DUCK_DIR}/duckKey.pem"
+DUCK_CERT="${DUCK_DIR}/duckCert.pem"
+#
+ECDSA_DIR="${CA_DIR}/ecdsa"
+ECDSA_KEY="${ECDSA_DIR}/strongswanKey.pem"
+ECDSA_CERT="${ECDSA_DIR}/strongswanCert.pem"
+ECDSA_CDP="http://crl.strongswan.org/strongswan_ecdsa.crl"
+#
+RFC3779_DIR="${CA_DIR}/rfc3779"
+RFC3779_KEY="${RFC3779_DIR}/strongswanKey.pem"
+RFC3779_CERT="${RFC3779_DIR}/strongswanCert.pem"
+RFC3779_CDP="http://crl.strongswan.org/strongswan_rfc3779.crl"
+#
+SHA3_RSA_DIR="${CA_DIR}/sha3-rsa"
+SHA3_RSA_KEY="${SHA3_RSA_DIR}/strongswanKey.pem"
+SHA3_RSA_CERT="${SHA3_RSA_DIR}/strongswanCert.pem"
+SHA3_RSA_CDP="http://crl.strongswan.org/strongswan_sha3_rsa.crl"
+#
+ED25519_DIR="${CA_DIR}/ed25519"
+ED25519_KEY="${ED25519_DIR}/strongswanKey.pem"
+ED25519_CERT="${ED25519_DIR}/strongswanCert.pem"
+ED25519_CDP="http://crl.strongswan.org/strongswan_ed25519.crl"
+#
+MONSTER_DIR="${CA_DIR}/monster"
+MONSTER_KEY="${MONSTER_DIR}/strongswanKey.pem"
+MONSTER_CERT="${MONSTER_DIR}/strongswanCert.pem"
+MONSTER_CDP="http://crl.strongswan.org/strongswan_monster.crl"
+MONSTER_CA_RSA_SIZE="8192"
+MONSTER_EE_RSA_SIZE="4096"
+#
+BLISS_DIR="${CA_DIR}/bliss"
+BLISS_KEY="${BLISS_DIR}/strongswan_blissKey.der"
+BLISS_CERT="${BLISS_DIR}/strongswan_blissCert.der"
+BLISS_CDP="http://crl.strongswan.org/strongswan_bliss.crl"
+#
+RSA_SIZE="3072"
+IPSEC_DIR="etc/ipsec.d"
+SWANCTL_DIR="etc/swanctl"
+TKM_DIR="etc/tkm"
+HOSTS="carol dave moon sun alice venus bob"
+TEST_DIR="${DIR}/tests"
+
+# Create directories
+mkdir -p ${CA_DIR}/certs
+mkdir -p ${RESEARCH_DIR}/certs
+mkdir -p ${SALES_DIR}/certs
+mkdir -p ${DUCK_DIR}/certs
+mkdir -p ${ECDSA_DIR}/certs
+mkdir -p ${RFC3779_DIR}/certs
+mkdir -p ${SHA3_RSA_DIR}/certs
+mkdir -p ${ED25519_DIR}/certs
+mkdir -p ${MONSTER_DIR}/certs
+mkdir -p ${BLISS_DIR}/certs
+
+################################################################################
+# strongSwan Root CA                                                           #
+################################################################################
+
+# Generate strongSwan Root CA
+pki --gen  --type rsa --size ${RSA_SIZE} --outform pem > ${CA_KEY}
+pki --self --type rsa --in ${CA_KEY} --not-before "${START}" --not-after "${CA_END}" \
+    --ca --pathlen 1 --dn "C=CH, O=${PROJECT}, CN=strongSwan Root CA" \
+    --outform pem > ${CA_CERT}
+
+# Distribute strongSwan Root CA certificate
+for h in ${HOSTS}
+do
+  HOST_DIR="${DIR}/hosts/${h}"
+  cp ${CA_CERT} ${HOST_DIR}/${IPSEC_DIR}/cacerts
+  cp ${CA_CERT} ${HOST_DIR}/${SWANCTL_DIR}/x509ca
+done
+
+# Put a copy onto the alice FreeRADIUS server
+cp ${CA_CERT} ${DIR}/hosts/alice/etc/raddb/certs
+
+# Gernerate a stale CRL
+pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} \
+    --this-update "${START}" --lifetime 1 > ${CA_LAST_CRL}
+
+# Put a CRL copy into the ikev2/crl-ldap scenario to be used as a stale crl
+TEST="${TEST_DIR}/ikev2/crl-ldap"
+cp ${CA_LAST_CRL} ${TEST}/hosts/carol/${IPSEC_DIR}/crls/stale.crl
+cp ${CA_LAST_CRL} ${TEST}/hosts/moon/${IPSEC_DIR}/crls/stale.crl
+
+# Generate host keys
+for h in ${HOSTS}
+do
+  HOST_DIR="${DIR}/hosts/${h}"
+  HOST_KEY="${HOST_DIR}/${IPSEC_DIR}/private/${h}Key.pem"
+  pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${HOST_KEY}
+
+  # Put a copy into swanctl directory tree
+  cp ${HOST_KEY} ${HOST_DIR}/${SWANCTL_DIR}/rsa
+done
+
+# Convert moon private key and Root CA certificate into DER format
+HOST_KEY=${DIR}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem
+TEST="${TEST_DIR}/tkm/host2host-initiator"
+TEST_KEY=${TEST}/hosts/moon/${TKM_DIR}/moonKey.der
+TEST_CERT=${TEST}/hosts/moon/${TKM_DIR}/strongswanCert.der
+openssl rsa -in ${HOST_KEY} -outform der -out ${TEST_KEY} 2> /dev/null
+openssl x509 -in ${CA_CERT} -outform der -out ${TEST_CERT}
+
+# Put DER-encoded moon private key and Root CA certificate into tkm scenarios
+for t in host2host-initiator host2host-responder host2host-xfrmproxy \
+         net2net-initiator net2net-xfrmproxy xfrmproxy-expire xfrmproxy-rekey
+do
+  TEST="${TEST_DIR}/tkm/${t}"
+  mkdir -p ${TEST}/hosts/moon/${TKM_DIR}
+  cp ${CA_DIR}/keys/moonKey.der ${CA_CERT_DER} ${TEST}/hosts/moon/${TKM_DIR}
+done
+
+# Put DER_encoded sun private key and Root CA certificate into tkm scenarios
+for t in multiple-clients
+do
+  TEST="${TEST_DIR}/tkm/${t}"
+  mkdir -p ${TEST}/hosts/sun/${TKM_DIR}
+  cp ${CA_DIR}/keys/sunKey.der ${CA_CERT_DER} ${TEST}/hosts/sun/${TKM_DIR}
+done
+
+# Convert moon private key into unencrypted PKCS#8 format
+TEST="${TEST_DIR}/ikev2/rw-pkcs8"
+HOST_KEY=${DIR}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem
+TEST_KEY=${TEST}/hosts/moon/${IPSEC_DIR}/private/moonKey.pem
+openssl pkcs8 -in ${HOST_KEY} -nocrypt -topk8 -out ${TEST_KEY}
+
+# Convert carol private key into v1.5 DES encrypted PKCS#8 format
+HOST_KEY=${DIR}/hosts/carol/${SWANCTL_DIR}/rsa/carolKey.pem
+TEST_KEY=${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem
+openssl pkcs8 -in ${HOST_KEY} -nocrypt -topk8 -v1 PBE-MD5-DES \
+              -passout "pass:nH5ZQEWtku0RJEZ6" -out ${TEST_KEY}
+
+# Convert dave private key into v2.0 AES-128 encrypted PKCS#8 format
+HOST_KEY=${DIR}/hosts/dave/${SWANCTL_DIR}/rsa/daveKey.pem
+TEST_KEY=${TEST}/hosts/dave/${IPSEC_DIR}/private/daveKey.pem
+openssl pkcs8 -in ${HOST_KEY} -nocrypt -topk8  -v2 aes128 \
+              -passout "pass:OJlNZBx+80dLh4wC6fw5LmBd" -out ${TEST_KEY}
+
+################################################################################
+# Public Key Extraction                                                        #
+################################################################################
+
+# Extract the raw moon public key for the swanctl/net2net-pubkey scenario
+TEST="${TEST_DIR}/swanctl/net2net-pubkey"
+TEST_PUB="${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey/moonPub.pem"
+HOST_KEY="${DIR}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem"
+pki --pub --type rsa --in ${HOST_KEY} --outform pem > ${TEST_PUB}
+cp ${TEST_PUB} ${TEST}/hosts/sun/${SWANCTL_DIR}/pubkey
+
+# Put a copy into the ikev2/net2net-pubkey scenario
+TEST="${TEST_DIR}/ikev2/net2net-pubkey"
+cp ${TEST_PUB} ${TEST}/hosts/moon/${IPSEC_DIR}/certs
+cp ${TEST_PUB} ${TEST}/hosts/sun/${IPSEC_DIR}/certs
+
+# Put a copy into the swanctl/rw-pubkey-anon scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-anon"
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/carol/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/dave/${SWANCTL_DIR}/pubkey
+
+# Put a copy into the swanctl/rw-pubkey-keyid scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-keyid"
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/carol/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/dave/${SWANCTL_DIR}/pubkey
+
+# Extract the raw sun public key for the swanctl/net2net-pubkey scenario
+TEST="${TEST_DIR}/swanctl/net2net-pubkey"
+TEST_PUB="${TEST}/hosts/sun/${SWANCTL_DIR}/pubkey/sunPub.pem"
+HOST_KEY="${DIR}/hosts/sun/${SWANCTL_DIR}/rsa/sunKey.pem"
+pki --pub --type rsa --in ${HOST_KEY} --outform pem > ${TEST_PUB}
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+# Put a copy into the ikev2/net2net-pubkey scenario
+TEST="${TEST_DIR}/ikev2/net2net-pubkey"
+cp ${TEST_PUB} ${TEST}/hosts/moon/${IPSEC_DIR}/certs
+cp ${TEST_PUB} ${TEST}/hosts/sun/${IPSEC_DIR}/certs
+
+# Put a copy into the swanctl/rw-pubkey-anon scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-anon"
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+# Extract the raw carol public key for the swanctl/rw-pubkey-anon scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-anon"
+TEST_PUB="${TEST}/hosts/carol/${SWANCTL_DIR}/pubkey/carolPub.pem"
+HOST_KEY="${DIR}/hosts/carol/${SWANCTL_DIR}/rsa/carolKey.pem"
+pki --pub --type rsa --in ${HOST_KEY} --outform pem > ${TEST_PUB}
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+# Put a copy into the swanctl/rw-pubkey-keyid scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-keyid"
+cp ${TEST_PUB} ${TEST}/hosts/carol/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+# Extract the raw dave public key for the swanctl/rw-pubkey-anon scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-anon"
+TEST_PUB="${TEST}/hosts/dave/${SWANCTL_DIR}/pubkey/davePub.pem"
+HOST_KEY="${DIR}/hosts/dave/${SWANCTL_DIR}/rsa/daveKey.pem"
+pki --pub --type rsa --in ${HOST_KEY} --outform pem > ${TEST_PUB}
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+# Put a copy into the swanctl/rw-pubkey-keyid scenario
+TEST="${TEST_DIR}/swanctl/rw-pubkey-keyid"
+cp ${TEST_PUB} ${TEST}/hosts/dave/${SWANCTL_DIR}/pubkey
+cp ${TEST_PUB} ${TEST}/hosts/moon/${SWANCTL_DIR}/pubkey
+
+################################################################################
+# Host Certificate Generation                                                  #
+################################################################################
+
+# function issue_cert: serial host cn [ou]
+issue_cert()
+{
+  # does optional OU argument exist?
+  if [ -z "${4}" ]
+  then
+    OU=""
+  else
+    OU=" OU=${4},"
+  fi
+
+  HOST_DIR="${DIR}/hosts/${2}"
+  HOST_KEY="${HOST_DIR}/${IPSEC_DIR}/private/${2}Key.pem"
+  HOST_CERT="${HOST_DIR}/${IPSEC_DIR}/certs/${2}Cert.pem"
+  pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+      --in ${HOST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${3} \
+      --serial ${1} --dn "C=CH, O=${PROJECT},${OU} CN=${3}" \
+      --outform pem > ${HOST_CERT}
+  cp ${HOST_CERT} ${CA_DIR}/certs/${1}.pem
+
+  # Put a certificate copy into swanctl directory tree
+  cp ${HOST_CERT} ${HOST_DIR}/${SWANCTL_DIR}/x509
+}
+
+# Generate host certificates
+issue_cert 01 carol carol@strongswan.org Research
+issue_cert 02 dave dave@strongswan.org Accounting
+issue_cert 03 moon moon.strongswan.org
+issue_cert 04 sun sun.strongswan.org
+issue_cert 05 alice alice@strongswan.org Sales
+issue_cert 06 venus venus.strongswan.org
+issue_cert 07 bob bob@strongswan.org Research
+
+# Create PKCS#12 file for moon
+TEST="${TEST_DIR}/ikev2/net2net-pkcs12"
+HOST_KEY="${DIR}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem"
+HOST_CERT="${DIR}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
+MOON_PKCS12="${TEST}/hosts/moon/etc/ipsec.d/private/moonCert.p12"
+openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "moon" \
+        -certfile ${CA_CERT} -caname "strongSwan Root CA" \
+        -aes128 -passout "pass:kUqd8O7mzbjXNJKQ" > ${MOON_PKCS12} 2> /dev/null
+
+# Create PKCS#12 file for sun
+HOST_KEY="${DIR}/hosts/sun/${SWANCTL_DIR}/rsa/sunKey.pem"
+HOST_CERT="${DIR}/hosts/sun/${SWANCTL_DIR}/x509/sunCert.pem"
+SUN_PKCS12="${TEST}/hosts/sun/etc/ipsec.d/private/sunCert.p12"
+openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "sun" \
+        -certfile ${CA_CERT} -caname "strongSwan Root CA" \
+        -aes128 -passout "pass:IxjQVCF3JGI+MoPi" > ${SUN_PKCS12} 2> /dev/null
+
+# Put a PKCS#12 copy into the botan/net2net-pkcs12 scenario
+TEST="${TEST_DIR}/botan/net2net-pkcs12"
+mkdir -p "${TEST}/hosts/moon/etc/swanctl/pkcs12"
+cp ${MOON_PKCS12} "${TEST}/hosts/moon/etc/swanctl/pkcs12"
+mkdir -p "${TEST}/hosts/sun/etc/swanctl/pkcs12"
+cp ${SUN_PKCS12}  "${TEST}/hosts/sun/etc/swanctl/pkcs12"
+
+# Put a PKCS#12 copy into the openssl-ikev2/net2net-pkcs12 scenario
+TEST="${TEST_DIR}/openssl-ikev2/net2net-pkcs12"
+cp ${MOON_PKCS12} "${TEST}/hosts/moon/etc/swanctl/pkcs12"
+cp ${SUN_PKCS12}  "${TEST}/hosts/sun/etc/swanctl/pkcs12"
+
+# Generate a carol certificate for the swanctl/crl-to-cache scenario with base CDP
+TEST="${TEST_DIR}/swanctl/crl-to-cache"
+TEST_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.pem"
+HOST_KEY="${DIR}/hosts/carol/${SWANCTL_DIR}/rsa/carolKey.pem"
+CN="carol@strongswan.org"
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_BASE_CDP} --type rsa \
+    --in ${HOST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial 01 --dn "C=CH, O=${PROJECT}, OU=Research, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+
+# Generate a moon certificate for the swanctl/crl-to-cache scenario with base CDP
+TEST_CERT="${TEST}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
+HOST_KEY="${DIR}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem"
+CN="moon.strongswan.org"
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_BASE_CDP} --type rsa \
+    --in ${HOST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial 03 --dn "C=CH, O=${PROJECT}, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+
+# Encrypt carolKey.pem
+HOST_KEY="${DIR}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+KEY_PWD="nH5ZQEWtku0RJEZ6"
+openssl rsa -in ${HOST_KEY} -aes128 --passout pass:${KEY_PWD} -out ${HOST_KEY} \
+        2> /dev/null
+
+# Put a copy into the ikev2/dynamic-initiator scenario
+TEST="${TEST_DIR}/ikev2/dynamic-initiator"
+cp ${HOST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${CA_DIR}/certs/01.pem ${TEST}/hosts/dave/${IPSEC_DIR}/certs/carolCert.pem
+
+# Put a copy into the ikev1/dynamic-initiator scenario
+TEST="${TEST_DIR}/ikev1/dynamic-initiator"
+cp ${HOST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${CA_DIR}/certs/01.pem ${TEST}/hosts/dave/${IPSEC_DIR}/certs/carolCert.pem
+
+# Put a copy into the ikev1/dynamic-responder scenario
+TEST="${TEST_DIR}/ikev1/dynamic-responder"
+cp ${HOST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${CA_DIR}/certs/01.pem ${TEST}/hosts/dave/${IPSEC_DIR}/certs/carolCert.pem
+
+# Put a copy into the swanctl/rw-cert scenario
+TEST="${TEST_DIR}/swanctl/rw-cert"
+cp ${HOST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+
+# Generate another carol certificate and revoke it
+TEST="${TEST_DIR}/ikev2/crl-revoked"
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="08"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} --reason "key-compromise" \
+    --serial ${SERIAL} > ${CA_CRL}
+cp ${CA_CRL} ${CA_LAST_CRL}
+
+# Put a copy into the ikev2/ocsp-revoked scenario
+TEST="${TEST_DIR}/ikev2/ocsp-revoked"
+cp ${TEST_KEY}  ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Generate another carol certificate with SN=002
+TEST="${TEST_DIR}/ikev2/two-certs"
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey-002.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert-002.pem"
+SERIAL="09"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, SN=002, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# Research CA Certificate Generation                                           #
+################################################################################
+
+# Generate a Research CA certificate signed by the Root CA and revoke it
+TEST="${TEST_DIR}/ikev2/multi-level-ca-revoked"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/researchCert.pem"
+SERIAL="0A"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${RESEARCH_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${RESEARCH_KEY} --not-before "${START}" --not-after "${IM_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=Research CA" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} --reason "ca-compromise" \
+    --serial ${SERIAL} --lastcrl ${CA_LAST_CRL} > ${CA_CRL}
+rm ${CA_LAST_CRL}
+
+# Generate Research CA with the same private key as above signed by Root CA
+SERIAL="0B"
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${RESEARCH_KEY} --not-before "${START}" --not-after "${IM_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=Research CA" \
+    --outform pem > ${RESEARCH_CERT}
+cp ${RESEARCH_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Put a certificate copy into the ikev1/multi-level-ca scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev1/multi-level-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-init"
+cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev1/multi-level-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-resp"
+cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-ldap scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-ldap"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-init"
+cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-resp"
+cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-pathlen scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-pathlen"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-strict scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-strict"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/ocsp-multi-level scenario
+TEST="${TEST_DIR}/ikev2/ocsp-multi-level"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/ocsp-strict-ifuri scenario
+TEST="${TEST_DIR}/ikev2/ocsp-strict-ifuri"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the swanctl/multi-level-ca scenario
+TEST="${TEST_DIR}/swanctl/multi-level-ca"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+
+# Put a certificate copy into the swanctl/ocsp-multi-level scenario
+TEST="${TEST_DIR}/swanctl/ocsp-multi-level"
+cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+
+# Generate Research CA with the same private key as above but invalid CDP
+TEST="${TEST_DIR}/ikev2/multi-level-ca-skipped"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/researchCert.pem"
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --type rsa \
+    --crl "http://crl.strongswan.org/not-available.crl" \
+    --in ${RESEARCH_KEY} --not-before "${START}" --not-after "${IM_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=Research CA" \
+    --outform pem > ${TEST_CERT}
+
+################################################################################
+# Sales CA Certificate Generation                                              #
+################################################################################
+
+# Generate Sales CA signed by Root CA
+SERIAL="0C"
+pki --gen  --type rsa --size ${RSA_SIZE} --outform pem > ${SALES_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${SALES_KEY} --not-before "${START}" --not-after "${IM_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Sales, CN=Sales CA" \
+    --outform pem > ${SALES_CERT}
+cp ${SALES_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Put a certificate copy into the ikev1/multi-level-ca scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev1/multi-level-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-init"
+cp ${SALES_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev1/multi-level-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-resp"
+cp ${SALES_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-ldap scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-ldap"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-init"
+cp ${SALES_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-resp"
+cp ${SALES_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/multi-level-ca-strict scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-strict"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/ocsp-multi-level scenario
+TEST="${TEST_DIR}/ikev2/ocsp-multi-level"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the ikev2/ocsp-struct.ifuri scenario
+TEST="${TEST_DIR}/ikev2/ocsp-strict-ifuri"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Put a certificate copy into the swanctl/multi-level-ca scenario
+TEST="${TEST_DIR}/swanctl/multi-level-ca"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+
+# Put a certificate copy into the swanctl/ocsp-multi-level scenario
+TEST="${TEST_DIR}/swanctl/ocsp-multi-level"
+cp ${SALES_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+
+# Generate an AES-128 encrypted moon key and a SHA-224 hashed certificate
+TEST="${TEST_DIR}/ikev2/strong-keys-certs"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/moonKey-aes128.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/certs/moonCert-sha224.pem"
+KEY_PWD="gOQHdrSWeFuiZtYPetWuyzHW"
+CN="moon.strongswan.org"
+SERIAL="0D"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-224, CN=${CN}" \
+    --digest sha224 --outform pem > ${TEST_CERT}
+openssl rsa -in ${TEST_KEY} -aes128 --passout pass:${KEY_PWD} -out ${TEST_KEY} \
+        2> /dev/null
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate an AES-192 encrypted carol key and a SHA-384 hashed certificate
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey-aes192.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert-sha384.pem"
+KEY_PWD="ITP/H4lSHqGpUGmCpgNDklbzTNV+swjA"
+CN="carol@strongswan.org"
+SERIAL="0E"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-384, CN=${CN}" \
+    --digest sha384 --outform pem > ${TEST_CERT}
+openssl rsa -in ${TEST_KEY} -aes192 --passout pass:${KEY_PWD} -out ${TEST_KEY} \
+        2> /dev/null
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate an AES-256 encrypted dave key and a SHA-512 hashed certificate
+TEST_KEY="${TEST}/hosts/dave/${IPSEC_DIR}/private/daveKey-aes256.pem"
+TEST_CERT="${TEST}/hosts/dave/${IPSEC_DIR}/certs/daveCert-sha512.pem"
+KEY_PWD="MeFnDN7VUbj+qU/bkgRIFvbCketIk2wrrs5Ii8297N2v"
+CN="dave@strongswan.org"
+SERIAL="0F"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-512, CN=${CN}" \
+    --digest sha512 --outform pem > ${TEST_CERT}
+openssl rsa -in ${TEST_KEY} -aes256 --passout pass:${KEY_PWD} -out ${TEST_KEY} \
+        2> /dev/null
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate another carol certificate with an OCSP URI
+TEST="${TEST_DIR}/ikev2/ocsp-signer-cert"
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="10"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=OCSP, CN=${CN}" \
+    --ocsp ${CA_OCSP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Put a copy into the ikev2/ocsp-timeouts-good scenario
+TEST="${TEST_DIR}/ikev2/ocsp-timeouts-good"
+cp ${TEST_KEY}  ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy into the swanctl/ocsp-signer-cert scenario
+TEST="${TEST_DIR}/swanctl/ocsp-signer-cert"
+cp ${TEST_KEY}  ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+
+# Put a copy into the swanctl/ocsp-disabled scenario
+TEST="${TEST_DIR}/swanctl/ocsp-disabled"
+cp ${TEST_KEY}  ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+
+# Generate an OCSP Signing certificate for the strongSwan Root CA
+TEST_KEY="${CA_DIR}/ocspKey.pem"
+TEST_CERT="${CA_DIR}/ocspCert.pem"
+CN="ocsp.strongswan.org"
+OU="OCSP Signing Authority"
+SERIAL="11"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=${OU}, CN=${CN}" \
+    --flag ocspSigning --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate a self-signed OCSP Signing certificate
+TEST_KEY="${CA_DIR}/ocspKey-self.pem"
+TEST_CERT="${CA_DIR}/ocspCert-self.pem"
+OU="OCSP Self-Signed Authority"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --self --type rsa --in ${TEST_KEY} --flag ocspSigning \
+    --not-before "${START}" --not-after "${CA_END}" --san ${CN} \
+    --dn "C=CH, O=${PROJECT}, OU=${OU}, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+
+# Copy self-signed OCSP Signing certificate to ikev2/ocsp-local-cert scenario
+TEST="${TEST_DIR}/ikev2/ocsp-local-cert"
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/ocspcerts
+cp ${TEST_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/ocspcerts
+
+# Generate mars virtual server certificate
+TEST="${TEST_DIR}/ha/both-active"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/marsKey.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/certs/marsCert.pem"
+CN="mars.strongswan.org"
+OU="Virtual VPN Gateway"
+SERIAL="12"
+mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/private
+mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/certs
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=${OU}, CN=${CN}" \
+    --flag serverAuth --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Put a copy into the mirrored gateway
+mkdir -p ${TEST}/hosts/alice/${IPSEC_DIR}/private
+mkdir -p ${TEST}/hosts/alice/${IPSEC_DIR}/certs
+cp ${TEST_KEY}  ${TEST}/hosts/alice/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/alice/${IPSEC_DIR}/certs
+
+# Put a copy into the ha/active-passive and ikev2-redirect-active scenarios
+for t in "ha/active-passive" "ikev2/redirect-active"
+do
+  TEST="${TEST_DIR}/${t}"
+  for h in alice moon
+  do
+    mkdir -p ${TEST}/hosts/${h}/${IPSEC_DIR}/private
+    mkdir -p ${TEST}/hosts/${h}/${IPSEC_DIR}/certs
+    cp ${TEST_KEY}  ${TEST}/hosts/${h}/${IPSEC_DIR}/private
+    cp ${TEST_CERT} ${TEST}/hosts/${h}/${IPSEC_DIR}/certs
+  done
+done
+
+# Generate winnetou server certificate
+HOST_KEY="${CA_DIR}/winnetouKey.pem"
+HOST_CERT="${CA_DIR}/winnetouCert.pem"
+CN="winnetou.strongswan.org"
+SERIAL="13"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${HOST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${HOST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, CN=${CN}" \
+    --flag serverAuth --outform pem > ${HOST_CERT}
+cp ${HOST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate AAA server certificate
+TEST="${TEST_DIR}/tnc/tnccs-20-pdp-eap"
+TEST_KEY="${TEST}/hosts/alice/${SWANCTL_DIR}/rsa/aaaKey.pem"
+TEST_CERT="${TEST}/hosts/alice/${SWANCTL_DIR}/x509/aaaCert.pem"
+CN="aaa.strongswan.org"
+SERIAL="14"
+cd "${TEST}/hosts/alice/${SWANCTL_DIR}"
+mkdir -p rsa x509
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+--in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, CN=${CN}" \
+    --flag serverAuth --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Put a copy into various tnc scenarios
+for t in tnccs-20-pdp-pt-tls tnccs-20-ev-pt-tls tnccs-20-hcd-eap
+do
+  cd "${TEST_DIR}/tnc/${t}/hosts/alice/${SWANCTL_DIR}"
+  mkdir -p rsa x509
+  cp ${TEST_KEY}  rsa
+  cp ${TEST_CERT} x509
+done
+
+# Put a copy into the alice FreeRADIUS server
+cp ${TEST_KEY} ${TEST_CERT} ${DIR}/hosts/alice/etc/raddb/certs
+
+################################################################################
+# strongSwan Attribute Authority                                               #
+################################################################################
+
+# Generate Attritbute Authority certificate
+TEST="${TEST_DIR}/ikev2/acert-cached"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert.pem"
+CN="strongSwan Attribute Authority"
+SERIAL="15"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${IM_END}" \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Generate carol's attribute certificate for sales and finance
+ACERT=${TEST}/hosts/moon/${IPSEC_DIR}/acerts/carol-sales-finance.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/01.pem --group sales --group finance \
+    --not-before "${START}" --not-after "${EE_END}" --outform pem > ${ACERT}
+
+# Generate dave's expired attribute certificate for sales
+ACERT=${TEST}/hosts/moon/${IPSEC_DIR}/acerts/dave-sales-expired.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/02.pem --group sales \
+    --not-before "${START}" --not-after "${SH_END}" --outform pem  > ${ACERT}
+
+# Generate dave's attribute certificate for marketing
+ACERT_DM=${TEST}/hosts/moon/${IPSEC_DIR}/acerts/dave-marketing.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/02.pem --group marketing \
+    --not-before "${SH_END}" --not-after "${EE_END}" --outform pem > ${ACERT_DM}
+
+# Put a copy into the ikev2/acert-fallback scenario
+TEST="${TEST_DIR}/ikev2/acert-fallback"
+cp ${TEST_KEY}  ${TEST}/hosts/moon/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/aacerts
+
+# Generate carol's expired attribute certificate for finance
+ACERT=${TEST}/hosts/carol/${IPSEC_DIR}/acerts/carol-finance-expired.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/01.pem --group finance \
+    --not-before "${START}" --not-after "${SH_END}" --outform pem  > ${ACERT}
+
+# Generate carol's valid attribute certificate for sales
+ACERT_CS=${TEST}/hosts/carol/${IPSEC_DIR}/acerts/carol-sales.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/01.pem --group sales \
+    --not-before "${SH_END}" --not-after "${EE_END}" --outform pem > ${ACERT_CS}
+
+# Put a copy into the ikev2/acert-inline scenarion
+TEST="${TEST_DIR}/ikev2/acert-inline"
+cp ${TEST_KEY}  ${TEST}/hosts/moon/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/aacerts
+cp ${ACERT_CS}  ${TEST}/hosts/carol/${IPSEC_DIR}/acerts
+cp ${ACERT_DM}  ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
+
+# Generate a short-lived Attritbute Authority certificate
+CN="strongSwan Legacy AA"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey-expired.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert-expired.pem"
+SERIAL="16"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${CA_KEY} --cacert ${CA_CERT} --crl ${CA_CDP} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${SH_END}" \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
+
+# Genrate dave's attribute certificate for sales from expired AA
+ACERT=${TEST}/hosts/dave/${IPSEC_DIR}/acerts/dave-expired-aa.pem
+pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
+    --in ${CA_DIR}/certs/02.pem --group sales \
+    --not-before "${START}" --not-after "${EE_END}" --outform pem > ${ACERT}
+
+################################################################################
+# strongSwan Root CA index for OCSP server                                     #
+################################################################################
+
+# generate index.txt file for Root OCSP server
+cp ${CA_DIR}/index.txt.template ${CA_DIR}/index.txt
+sed -i -e "s/EE_EXPIRATION/${EE_EXP}/g" ${CA_DIR}/index.txt
+sed -i -e "s/IM_EXPIRATION/${IM_EXP}/g" ${CA_DIR}/index.txt
+sed -i -e "s/SH_EXPIRATION/${SH_EXP}/g" ${CA_DIR}/index.txt
+sed -i -e "s/REVOCATION/${NOW}/g" ${CA_DIR}/index.txt
+
+################################################################################
+# Research CA                                                                  #
+################################################################################
+
+# Generate a carol research certificate
+TEST="${TEST_DIR}/ikev2/multi-level-ca"
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="01"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RESEARCH_KEY} --cacert ${RESEARCH_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=${CN}" \
+    --crl ${RESEARCH_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RESEARCH_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the ikev2/multilevel-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-init"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-resp"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-ldap scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-ldap"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-ldap scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-loop"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-revoked scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-revoked"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-skipped scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-skipped"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-strict scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-strict"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/ocsp-multilevel scenario
+TEST="${TEST_DIR}/ikev2/ocsp-multi-level"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-init"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-resp"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
+
+# Put a copy in the swanctl/multilevel-ca scenario
+TEST="${TEST_DIR}/swanctl/multi-level-ca"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+
+# Put a copy in the swanctl/ocsp-multilevel scenario
+TEST="${TEST_DIR}/swanctl/ocsp-multi-level"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+
+# Generate a carol research certificate without a CDP
+TEST="${TEST_DIR}/ikev2/ocsp-strict-ifuri"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+pki --issue --cakey ${RESEARCH_KEY} --cacert ${RESEARCH_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
+
+# Generate an OCSP Signing certificate for the Research CA
+TEST_KEY="${RESEARCH_DIR}/ocspKey.pem"
+TEST_CERT="${RESEARCH_DIR}/ocspCert.pem"
+OU="Research OCSP Signing Authority"
+CN="ocsp.research.strongswan.org"
+SERIAL="02"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RESEARCH_KEY} --cacert ${RESEARCH_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=${OU}, CN=${CN}" \
+    --crl ${RESEARCH_CDP} --flag ocspSigning --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RESEARCH_DIR}/certs/${SERIAL}.pem
+
+# Generate a Sales CA certificate signed by the Research CA
+TEST="${TEST_DIR}/ikev2/multi-level-ca-loop"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/sales_by_researchCert.pem"
+SERIAL="03"
+pki --issue --cakey ${RESEARCH_KEY} --cacert ${RESEARCH_CERT} --type rsa \
+    --in ${SALES_KEY} --not-before "${START}" --not-after "${EE_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Sales, CN=Sales CA" \
+    --crl ${RESEARCH_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RESEARCH_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# Duck Research CA                                                                     #
+################################################################################
+
+# Generate a Duck Research CA certificate signed by the Research CA
+SERIAL="04"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${DUCK_KEY}
+pki --issue --cakey ${RESEARCH_KEY} --cacert ${RESEARCH_CERT} --type rsa \
+    --in ${DUCK_KEY} --not-before "${START}" --not-after "${EE_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=Duck Research CA" \
+    --crl ${RESEARCH_CDP} --outform pem > ${DUCK_CERT}
+cp ${DUCK_CERT} ${RESEARCH_DIR}/certs/${SERIAL}.pem
+
+# Put a certificate copy in the ikev2/multilevel-ca-pathlen scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-pathlen"
+cp ${DUCK_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+
+# Generate a carol certificate signed by the Duck Research CA
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="01"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${DUCK_KEY} --cacert ${DUCK_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Duck Research, CN=${CN}" \
+    --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${DUCK_DIR}/certs/${SERIAL}.pem
+
+# Generate index.txt file for Research OCSP server
+cp ${RESEARCH_DIR}/index.txt.template ${RESEARCH_DIR}/index.txt
+sed -i -e "s/EE_EXPIRATION/${EE_EXP}/g" ${RESEARCH_DIR}/index.txt
+
+################################################################################
+# Sales CA                                                                     #
+################################################################################
+
+# Generate a dave sales certificate
+TEST="${TEST_DIR}/ikev2/multi-level-ca"
+TEST_KEY="${TEST}/hosts/dave/${IPSEC_DIR}/private/daveKey.pem"
+TEST_CERT="${TEST}/hosts/dave/${IPSEC_DIR}/certs/daveCert.pem"
+CN="dave@strongswan.org"
+SERIAL="01"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${SALES_KEY} --cacert ${SALES_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Sales, CN=${CN}" \
+    --crl ${SALES_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${SALES_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the ikev2/multilevel-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-init"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-cr-resp"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-ldap scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-ldap"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/multilevel-ca-strict scenario
+TEST="${TEST_DIR}/ikev2/multi-level-ca-strict"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev2/ocsp-multilevel scenario
+TEST="${TEST_DIR}/ikev2/ocsp-multi-level"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca-cr-init scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-init"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the ikev1/multilevel-ca-cr-resp scenario
+TEST="${TEST_DIR}/ikev1/multi-level-ca-cr-resp"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
+
+# Put a copy in the swanctl/multilevel-ca scenario
+TEST="${TEST_DIR}/swanctl/multi-level-ca"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
+
+# Put a copy in the swanctl/ocsp-multilevel scenario
+TEST="${TEST_DIR}/swanctl/ocsp-multi-level"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
+cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
+
+# Generate a dave sales certificate with an inactive OCSP URI and no CDP
+TEST="${TEST_DIR}/ikev2/ocsp-strict-ifuri"
+TEST_CERT="${TEST}/hosts/dave/${IPSEC_DIR}/certs/daveCert.pem"
+pki --issue --cakey ${SALES_KEY} --cacert ${SALES_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Sales, CN=${CN}" \
+    --ocsp "http://ocsp2.strongswan.org:8882" --outform pem > ${TEST_CERT}
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private
+
+# Generate an OCSP Signing certificate for the Sales CA
+TEST_KEY="${SALES_DIR}/ocspKey.pem"
+TEST_CERT="${SALES_DIR}/ocspCert.pem"
+OU="Sales OCSP Signing Authority"
+CN="ocsp.sales.strongswan.org"
+SERIAL="02"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${SALES_KEY} --cacert ${SALES_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=${OU}, CN=${CN}" \
+    --crl ${SALES_CDP} --flag ocspSigning --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${SALES_DIR}/certs/${SERIAL}.pem
+
+# Generate a Research CA certificate signed by the Sales CA
+TEST="${TEST_DIR}/ikev2/multi-level-ca-loop"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/research_by_salesCert.pem"
+SERIAL="03"
+pki --issue --cakey ${SALES_KEY} --cacert ${SALES_CERT} --type rsa \
+    --in ${RESEARCH_KEY} --not-before "${START}" --not-after "${EE_END}" --ca \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Research, CN=Research CA" \
+    --crl ${SALES_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${SALES_DIR}/certs/${SERIAL}.pem
+
+# generate index.txt file for Sales OCSP server
+cp ${SALES_DIR}/index.txt.template ${SALES_DIR}/index.txt
+sed -i -e "s/EE_EXPIRATION/${EE_EXP}/g" ${SALES_DIR}/index.txt
+
+################################################################################
+# strongSwan EC Root CA                                                        #
+################################################################################
+
+# Generate strongSwan EC Root CA
+pki --gen  --type ecdsa --size 521 --outform pem > ${ECDSA_KEY}
+pki --self --type ecdsa --in ${ECDSA_KEY} \
+    --not-before "${START}" --not-after "${CA_END}" --ca \
+    --dn "C=CH, O=${PROJECT}, CN=strongSwan EC Root CA" \
+    --outform pem > ${ECDSA_CERT}
+
+# Put a copy in the openssl-ikev2/ecdsa-certs scenario
+TEST="${TEST_DIR}/openssl-ikev2/ecdsa-certs"
+cp ${ECDSA_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${ECDSA_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+cp ${ECDSA_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+
+# Generate a moon ECDSA 521 bit certificate
+MOON_KEY="${TEST}/hosts/moon/${SWANCTL_DIR}/ecdsa/moonKey.pem"
+MOON_CERT="${TEST}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
+CN="moon.strongswan.org"
+SERIAL="01"
+pki --gen --type ecdsa --size 521 --outform pem > ${MOON_KEY}
+pki --issue --cakey ${ECDSA_KEY} --cacert ${ECDSA_CERT} --type ecdsa \
+    --in ${MOON_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=ECDSA 512 bit, CN=${CN}" \
+    --crl ${ECDSA_CDP} --outform pem > ${MOON_CERT}
+cp ${MOON_CERT} ${ECDSA_DIR}/certs/${SERIAL}.pem
+
+# Generate a carol ECDSA 256 bit certificate
+CAROL_KEY="${TEST}/hosts/carol/${SWANCTL_DIR}/ecdsa/carolKey.pem"
+CAROL_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="02"
+pki --gen --type ecdsa --size 256 --outform pem > ${CAROL_KEY}
+pki --issue --cakey ${ECDSA_KEY} --cacert ${ECDSA_CERT} --type ecdsa \
+    --in ${CAROL_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=ECDSA 256 bit, CN=${CN}" \
+    --crl ${ECDSA_CDP} --outform pem > ${CAROL_CERT}
+cp ${CAROL_CERT} ${ECDSA_DIR}/certs/${SERIAL}.pem
+
+# Generate a dave ECDSA 384 bit certificate
+DAVE_KEY="${TEST}/hosts/dave/${SWANCTL_DIR}/ecdsa/daveKey.pem"
+DAVE_CERT="${TEST}/hosts/dave/${SWANCTL_DIR}/x509/daveCert.pem"
+CN="dave@strongswan.org"
+SERIAL="03"
+pki --gen --type ecdsa --size 384 --outform pem > ${DAVE_KEY}
+pki --issue --cakey ${ECDSA_KEY} --cacert ${ECDSA_CERT} --type ecdsa \
+    --in ${DAVE_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=ECDSA 384 bit, CN=${CN}" \
+    --crl ${ECDSA_CDP} --outform pem > ${DAVE_CERT}
+cp ${DAVE_CERT} ${ECDSA_DIR}/certs/${SERIAL}.pem
+
+# Put CA and EE certificate copies in the openssl-ikev2/rw-ecdsa-pkcs8 scenario
+TEST="${TEST_DIR}/openssl-ikev2/ecdsa-pkcs8"
+cp ${ECDSA_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${MOON_CERT}  ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
+cp ${ECDSA_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+cp ${CAROL_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+cp ${ECDSA_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+cp ${DAVE_CERT}  ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
+
+# Convert moon private key into unencrypted PKCS#8 format
+TEST_KEY=${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs8/moonKey.pem
+openssl pkcs8 -in ${MOON_KEY} -nocrypt -topk8 -out ${TEST_KEY}
+
+# Convert carol private key into v1.5 DES encrypted PKCS#8 format
+TEST_KEY=${TEST}/hosts/carol/${SWANCTL_DIR}/pkcs8/carolKey.pem
+openssl pkcs8 -in ${CAROL_KEY} -nocrypt -topk8 -v1 PBE-MD5-DES \
+              -passout "pass:nH5ZQEWtku0RJEZ6" -out ${TEST_KEY}
+
+# Convert dave private key into v2.0 AES-128 encrypted PKCS#8 format
+TEST_KEY=${TEST}/hosts/dave/${SWANCTL_DIR}/pkcs8/daveKey.pem
+openssl pkcs8 -in ${DAVE_KEY} -nocrypt -topk8  -v2 aes128 \
+              -passout "pass:OJlNZBx+80dLh4wC6fw5LmBd" -out ${TEST_KEY}
+
+# Put CA and EE certificate copies in the openssl-ikev1/rw-ecdsa-certs scenario
+TEST="${TEST_DIR}/openssl-ikev1/ecdsa-certs"
+cd ${TEST}/hosts/moon/${SWANCTL_DIR}
+mkdir -p ecdsa x509 x509ca
+cp ${MOON_KEY}   ecdsa
+cp ${MOON_CERT}  x509
+cp ${ECDSA_CERT} x509ca
+cd ${TEST}/hosts/carol/${SWANCTL_DIR}
+mkdir -p ecdsa x509 x509ca
+cp ${CAROL_KEY}  ecdsa
+cp ${CAROL_CERT} x509
+cp ${ECDSA_CERT} x509ca
+cd ${TEST}/hosts/dave/${SWANCTL_DIR}
+mkdir -p ecdsa x509 x509ca
+cp ${DAVE_KEY}   ecdsa
+cp ${DAVE_CERT}  x509
+cp ${ECDSA_CERT} x509ca
+
+################################################################################
+# strongSwan RFC3779 Root CA                                                   #
+################################################################################
+
+# Generate strongSwan RFC3779 Root CA
+pki --gen  --type rsa --size ${RSA_SIZE} --outform pem > ${RFC3779_KEY}
+pki --self --type rsa --in ${RFC3779_KEY} \
+    --not-before "${START}" --not-after "${CA_END}" --ca \
+    --dn "C=CH, O=${PROJECT}, OU=RFC3779, CN=strongSwan RFC3779 Root CA" \
+    --addrblock "10.1.0.0-10.2.255.255" \
+    --addrblock "10.3.0.1-10.3.3.232" \
+    --addrblock "192.168.0.0/24" \
+    --addrblock "fec0::-fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff" \
+    --outform pem > ${RFC3779_CERT}
+
+# Put a copy in the ikev2/net2net-rfc3779 scenario
+TEST="${TEST_DIR}/ikev2/net2net-rfc3779"
+mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+mkdir -p ${TEST}/hosts/sun/${IPSEC_DIR}/cacerts
+cp ${RFC3779_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts
+cp ${RFC3779_CERT} ${TEST}/hosts/sun/${IPSEC_DIR}/cacerts
+
+# Put a copy in the ipv6/rw-rfc3779-ikev2 scenario
+TEST="${TEST_DIR}/ipv6/rw-rfc3779-ikev2"
+mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+cp ${RFC3779_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+cp ${RFC3779_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+
+# Generate a moon RFC3779 certificate
+TEST="${TEST_DIR}/ikev2/net2net-rfc3779"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/moonKey.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/certs/moonCert.pem"
+CN="moon.strongswan.org"
+SERIAL="01"
+mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/private
+mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/certs
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RFC3779_KEY} --cacert ${RFC3779_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=RFC3779, CN=${CN}" \
+    --addrblock "10.1.0.0/16" --addrblock "192.168.0.1/32" \
+    --addrblock "fec0::1/128" --addrblock "fec1::/16" \
+    --crl ${RFC3779_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the ipv6 scenarios
+for t in net2net-rfc3779-ikev2 rw-rfc3779-ikev2
+do
+  cd "${TEST_DIR}/ipv6/${t}/hosts/moon/${SWANCTL_DIR}"
+  mkdir -p rsa x509 x509ca
+  cp ${TEST_KEY}  rsa
+  cp ${TEST_CERT} x509
+  cp ${RFC3779_CERT} x509ca
+done
+
+# Generate a sun RFC3779 certificate
+TEST="${TEST_DIR}/ikev2/net2net-rfc3779"
+TEST_KEY="${TEST}/hosts/sun/${IPSEC_DIR}/private/sunKey.pem"
+TEST_CERT="${TEST}/hosts/sun/${IPSEC_DIR}/certs/sunCert.pem"
+CN="sun.strongswan.org"
+SERIAL="02"
+mkdir -p ${TEST}/hosts/sun/${IPSEC_DIR}/private
+mkdir -p ${TEST}/hosts/sun/${IPSEC_DIR}/certs
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RFC3779_KEY} --cacert ${RFC3779_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=RFC3779, CN=${CN}" \
+    --addrblock "10.2.0.0/16" --addrblock "192.168.0.2/32" \
+    --addrblock "fec0::2/128" --addrblock "fec2::/16" \
+    --crl ${RFC3779_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the ipv6/net2net-rfc3779-ikev2 scenario
+cd "${TEST_DIR}/ipv6/net2net-rfc3779-ikev2/hosts/sun/${SWANCTL_DIR}"
+mkdir -p rsa x509 x509ca
+cp ${TEST_KEY} rsa
+cp ${TEST_CERT} x509
+cp ${RFC3779_CERT} x509ca
+
+# Generate a carol RFC3779 certificate
+TEST="${TEST_DIR}/ipv6/rw-rfc3779-ikev2"
+TEST_KEY="${TEST}/hosts/carol/${SWANCTL_DIR}/rsa/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="03"
+mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
+mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RFC3779_KEY} --cacert ${RFC3779_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=RFC3779, CN=${CN}" \
+    --addrblock "10.3.0.1/32" --addrblock "192.168.0.100/32" \
+    --addrblock "fec0::10/128" \
+    --crl ${RFC3779_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
+
+# Generate a carol RFC3779 certificate
+TEST="${TEST_DIR}/ipv6/rw-rfc3779-ikev2"
+TEST_KEY="${TEST}/hosts/dave/${SWANCTL_DIR}/rsa/daveKey.pem"
+TEST_CERT="${TEST}/hosts/dave/${SWANCTL_DIR}/x509/daveCert.pem"
+CN="dave@strongswan.org"
+SERIAL="04"
+mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
+mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${RFC3779_KEY} --cacert ${RFC3779_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=RFC3779, CN=${CN}" \
+    --addrblock "10.3.0.2/32" --addrblock "192.168.0.200/32" \
+    --addrblock "fec0::20/128" \
+    --crl ${RFC3779_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# strongSwan SHA3-RSA Root CA                                                  #
+################################################################################
+
+# Generate strongSwan SHA3-RSA Root CA
+pki --gen  --type rsa --size ${RSA_SIZE} --outform pem > ${SHA3_RSA_KEY}
+pki --self --type rsa --in ${SHA3_RSA_KEY} --digest sha3_256 \
+    --not-before "${START}" --not-after "${CA_END}" --ca \
+    --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=strongSwan Root CA" \
+    --outform pem > ${SHA3_RSA_CERT}
+
+# Put a copy in the swanctl/net2net-sha3-rsa-cert scenario
+TEST="${TEST_DIR}/swanctl/net2net-sha3-rsa-cert"
+cp ${SHA3_RSA_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${SHA3_RSA_CERT} ${TEST}/hosts/sun/${SWANCTL_DIR}/x509ca
+
+# Generate a sun SHA3-RSA certificate
+SUN_KEY="${TEST}/hosts/sun/${SWANCTL_DIR}/rsa/sunKey.pem"
+SUN_CERT="${TEST}/hosts/sun/${SWANCTL_DIR}/x509/sunCert.pem"
+CN="sun.strongswan.org"
+SERIAL="01"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${SUN_KEY}
+pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
+    --in ${SUN_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
+    --crl ${SHA3_RSA_CDP} --digest sha3_256 --outform pem > ${SUN_CERT}
+cp ${SUN_CERT} ${SHA3_RSA_DIR}/certs/${SERIAL}.pem
+
+# Generate a moon SHA3-RSA certificate
+MOON_KEY="${TEST}/hosts/moon/${SWANCTL_DIR}/rsa/moonKey.pem"
+MOON_CERT="${TEST}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
+CN="moon.strongswan.org"
+SERIAL="02"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${MOON_KEY}
+pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
+    --in ${MOON_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
+    --crl ${SHA3_RSA_CDP} --digest sha3_256 --outform pem > ${MOON_CERT}
+cp ${MOON_CERT} ${SHA3_RSA_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the botan/net2net-sha3-rsa-cert scenario
+TEST="${TEST_DIR}/botan/net2net-sha3-rsa-cert"
+cd ${TEST}/hosts/moon/${SWANCTL_DIR}
+mkdir -p rsa x509 x509ca
+cp ${MOON_KEY}      rsa
+cp ${MOON_CERT}     x509
+cp ${SHA3_RSA_CERT} x509ca
+cd ${TEST}/hosts/sun/${SWANCTL_DIR}
+mkdir -p rsa x509 x509ca
+cp ${SUN_KEY}       rsa
+cp ${SUN_CERT}      x509
+cp ${SHA3_RSA_CERT} x509ca
+
+# Put a copy in the swanctl/rw-eap-tls-sha3-rsa scenario
+TEST="${TEST_DIR}/swanctl/rw-eap-tls-sha3-rsa"
+cp ${MOON_KEY} ${TEST}/hosts/moon/${SWANCTL_DIR}/rsa
+cp ${MOON_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
+cp ${SHA3_RSA_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${SHA3_RSA_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+cp ${SHA3_RSA_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+
+# Generate a carol SHA3-RSA certificate
+TEST_KEY="${TEST}/hosts/carol/${SWANCTL_DIR}/rsa/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="03"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
+    --crl ${SHA3_RSA_CDP} --digest sha3_256 --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${SHA3_RSA_DIR}/certs/${SERIAL}.pem
+
+# Generate a dave SHA3-RSA certificate
+TEST_KEY="${TEST}/hosts/dave/${SWANCTL_DIR}/rsa/daveKey.pem"
+TEST_CERT="${TEST}/hosts/dave/${SWANCTL_DIR}/x509/daveCert.pem"
+CN="dave@strongswan.org"
+SERIAL="04"
+pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
+    --crl ${SHA3_RSA_CDP} --digest sha3_256 --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${SHA3_RSA_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# strongSwan Ed25519 Root CA                                                   #
+################################################################################
+
+# Generate strongSwan Ed25519 Root CA
+pki --gen  --type ed25519 --outform pem > ${ED25519_KEY}
+pki --self --type ed25519 --in ${ED25519_KEY} \
+    --not-before "${START}" --not-after "${CA_END}" --ca \
+    --dn "C=CH, O=${PROJECT}, CN=strongSwan Ed25519 Root CA" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.1" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.2" \
+    --outform pem > ${ED25519_CERT}
+
+# Put a copy in the swanctl/net2net-ed25519 scenario
+TEST="${TEST_DIR}/swanctl/net2net-ed25519"
+cp ${ED25519_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${ED25519_CERT} ${TEST}/hosts/sun/${SWANCTL_DIR}/x509ca
+
+# Generate a sun Ed25519 certificate
+SUN_KEY="${TEST}/hosts/sun/${SWANCTL_DIR}/pkcs8/sunKey.pem"
+SUN_CERT="${TEST}/hosts/sun/${SWANCTL_DIR}/x509/sunCert.pem"
+CN="sun.strongswan.org"
+SERIAL="01"
+pki --gen --type ed25519 --outform pem > ${SUN_KEY}
+pki --issue --cakey ${ED25519_KEY} --cacert ${ED25519_CERT} --type ed25519 \
+    --in ${SUN_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Ed25519, CN=${CN}" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.2" --flag "serverAuth" \
+    --crl ${ED25519_CDP} --outform pem > ${SUN_CERT}
+cp ${SUN_CERT} ${ED25519_DIR}/certs/${SERIAL}.pem
+
+# Generate a moon Ed25519 certificate
+MOON_KEY="${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs8/moonKey.pem"
+MOON_CERT="${TEST}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
+CN="moon.strongswan.org"
+SERIAL="02"
+pki --gen --type ed25519 --outform pem > ${MOON_KEY}
+pki --issue --cakey ${ED25519_KEY} --cacert ${ED25519_CERT} --type ed25519 \
+    --in ${MOON_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Ed25519, CN=${CN}" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.1" --flag "serverAuth" \
+    --crl ${ED25519_CDP} --outform pem > ${MOON_CERT}
+cp ${MOON_CERT} ${ED25519_DIR}/certs/${SERIAL}.pem
+
+# Put a copy in the botan/net2net-ed25519 scenario
+TEST="${TEST_DIR}/botan/net2net-ed25519"
+cd ${TEST}/hosts/moon/${SWANCTL_DIR}
+mkdir -p pkcs8 x509 x509ca
+cp ${MOON_KEY}     pkcs8
+cp ${MOON_CERT}    x509
+cp ${ED25519_CERT} x509ca
+cd ${TEST}/hosts/sun/${SWANCTL_DIR}
+mkdir -p pkcs8 x509 x509ca
+cp ${SUN_KEY}      pkcs8
+cp ${SUN_CERT}     x509
+cp ${ED25519_CERT} x509ca
+
+# Put a copy in the ikev2/net2net-ed25519 scenario
+TEST="${TEST_DIR}/ikev2/net2net-ed25519"
+cd ${TEST}/hosts/moon/${IPSEC_DIR}
+mkdir -p cacerts certs private
+cp ${MOON_KEY}     private
+cp ${MOON_CERT}    certs
+cp ${ED25519_CERT} cacerts
+cd ${TEST}/hosts/sun/${IPSEC_DIR}
+mkdir -p cacerts certs private
+cp ${SUN_KEY}      private
+cp ${SUN_CERT}     certs
+cp ${ED25519_CERT} cacerts
+
+# Put a copy in the swanctl/rw-ed25519-certpol scenario
+TEST="${TEST_DIR}/swanctl/rw-ed25519-certpol"
+cp ${MOON_KEY}     ${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs8
+cp ${MOON_CERT}    ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
+cp ${ED25519_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
+cp ${ED25519_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+cp ${ED25519_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+
+# Generate a carol Ed25519 certificate
+TEST_KEY="${TEST}/hosts/carol/${SWANCTL_DIR}/pkcs8/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${SWANCTL_DIR}/x509/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="03"
+pki --gen --type ed25519 --outform pem > ${TEST_KEY}
+pki --issue --cakey ${ED25519_KEY} --cacert ${ED25519_CERT} --type ed25519 \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Ed25519, CN=${CN}" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.1" --flag "clientAuth" \
+    --crl ${ED25519_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${ED25519_DIR}/certs/${SERIAL}.pem
+
+# Generate a dave Ed25519 certificate
+TEST_KEY="${TEST}/hosts/dave/${SWANCTL_DIR}/pkcs8/daveKey.pem"
+TEST_CERT="${TEST}/hosts/dave/${SWANCTL_DIR}/x509/daveCert.pem"
+CN="dave@strongswan.org"
+SERIAL="04"
+pki --gen --type ed25519 --outform pem > ${TEST_KEY}
+pki --issue --cakey ${ED25519_KEY} --cacert ${ED25519_CERT} --type ed25519 \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Ed25519, CN=${CN}" \
+    --cert-policy "1.3.6.1.4.1.36906.1.1.2" --flag "clientAuth" \
+    --crl ${ED25519_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${ED25519_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# strongSwan Monster Root CA                                                   #
+################################################################################
+
+# Generate strongSwan Monster Root CA
+pki --gen  --type rsa --size ${MONSTER_CA_RSA_SIZE} --outform pem > ${MONSTER_KEY}
+pki --self --type rsa --in ${MONSTER_KEY} \
+    --not-before "01.05.09 15:00:00" --not-after "01.05.59 15:00:00" --ca \
+    --dn "C=CH, O=${PROJECT}, CN=strongSwan Monster CA" \
+    --outform pem > ${MONSTER_CERT}
+
+# Put a copy in the ikev2/after-2038-certs scenario
+TEST="${TEST_DIR}/ikev2/after-2038-certs"
+cp ${MONSTER_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/
+cp ${MONSTER_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts/
+
+# Generate a moon Monster certificate
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/moonKey.pem"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/certs/moonCert.pem"
+CN="moon.strongswan.org"
+SERIAL="01"
+pki --gen --type rsa --size ${MONSTER_EE_RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${MONSTER_KEY} --cacert ${MONSTER_CERT} --type rsa \
+    --in ${TEST_KEY} --san ${CN} \
+    --not-before "01.05.09 15:00:00" --not-after "01.05.39 15:00:00" - \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Monster, CN=${CN}" \
+    --crl ${MONSTER_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${MONSTER_DIR}/certs/${SERIAL}.pem
+
+# Generate a carol Monster certificate
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.pem"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.pem"
+CN="carol@strongswan.org"
+SERIAL="02"
+pki --gen --type rsa --size ${MONSTER_EE_RSA_SIZE} --outform pem > ${TEST_KEY}
+pki --issue --cakey ${MONSTER_KEY} --cacert ${MONSTER_CERT} --type rsa \
+    --in ${TEST_KEY} --san ${CN} \
+    --not-before "01.05.09 15:00:00" --not-after "01.05.39 15:00:00" - \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=Monster, CN=${CN}" \
+    --crl ${MONSTER_CDP} --outform pem > ${TEST_CERT}
+cp ${TEST_CERT} ${MONSTER_DIR}/certs/${SERIAL}.pem
+
+################################################################################
+# Bliss CA                                                                     #
+################################################################################
+
+# Generate BLISS Root CA with 192 bit security strength
+pki --gen  --type bliss --size 4 > ${BLISS_KEY}
+pki --self --type bliss --in ${BLISS_KEY} --digest sha3_512 \
+    --not-before "${START}" --not-after "${CA_END}" --ca \
+    --dn "C=CH, O=${PROJECT}, CN=strongSwan BLISS Root CA" > ${BLISS_CERT}
+
+# Put a copy in the ikev2/rw-newhope-bliss scenario
+TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
+cp ${BLISS_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts/
+cp ${BLISS_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts/
+cp ${BLISS_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/
+
+# Put a copy in the ikev2/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
+cp ${BLISS_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/cacerts/
+cp ${BLISS_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/cacerts/
+cp ${BLISS_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/cacerts/
+
+# Put a copy in the swanctl/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
+cp ${BLISS_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca/
+cp ${BLISS_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca/
+cp ${BLISS_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca/
+
+# Generate a carol BLISS certificate with 128 bit security strength
+TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
+TEST_KEY="${TEST}/hosts/carol/${IPSEC_DIR}/private/carolKey.der"
+TEST_CERT="${TEST}/hosts/carol/${IPSEC_DIR}/certs/carolCert.der"
+CN="carol@strongswan.org"
+SERIAL="01"
+pki --gen --type bliss --size 1 > ${TEST_KEY}
+pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS I, CN=${CN}" \
+    --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
+cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
+
+# Put a copy in the ikev2/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private/
+cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs/
+
+# Put a copy in the swanctl/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss/
+cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509/
+
+# Generate a dave BLISS certificate with 160 bit security strength
+TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
+TEST_KEY="${TEST}/hosts/dave/${IPSEC_DIR}/private/daveKey.der"
+TEST_CERT="${TEST}/hosts/dave/${IPSEC_DIR}/certs/daveCert.der"
+CN="dave@strongswan.org"
+SERIAL="02"
+pki --gen --type bliss --size 3 > ${TEST_KEY}
+pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS III, CN=${CN}" \
+    --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
+cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
+
+# Put a copy in the ikev2/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private/
+cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs/
+
+# Put a copy in the swanctl/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss/
+cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509/
+
+# Generate a moon BLISS certificate with 192 bit security strength
+TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
+TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/moonKey.der"
+TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/certs/moonCert.der"
+CN="moon.strongswan.org"
+SERIAL="03"
+pki --gen --type bliss --size 4 > ${TEST_KEY}
+pki --issue --cakey ${BLISS_KEY} --cacert ${BLISS_CERT} --type bliss \
+    --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
+    --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=BLISS IV, CN=${CN}" \
+    --crl ${BLISS_CDP} --digest sha3_512 > ${TEST_CERT}
+cp ${TEST_CERT} ${BLISS_DIR}/certs/${SERIAL}.der
+
+# Put a copy in the ikev2/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/ikev2/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/moon/${IPSEC_DIR}/private/
+cp ${TEST_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/certs/
+
+# Put a copy in the swanctl/rw-ntru-bliss scenario
+TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
+cp ${TEST_KEY} ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss/
+cp ${TEST_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509/

diff --git a/testing/scripts/build-guestimages b/testing/scripts/build-guestimages
index 5116d095e52570c6f0bc3d8cdbcefc907a75466b..23091234aacd823385b84909da51a4a10ee02caa 100755 (executable)
--- a/testing/scripts/build-guestimages
+++ b/testing/scripts/build-guestimages
@@ -65,8 +65,9 @@ do
                echo "/testresults /var/www/testresults 9p trans=virtio,version=9p2000.L 0 0" >> $LOOPDIR/etc/fstab
                execute_chroot "a2enmod -q cgid" 0
                execute_chroot "a2enmod -q rewrite" 0
-               execute_chroot "ln -s /etc/openssl/certs /var/www/certs" 0
-               execute_chroot "/etc/openssl/generate-crl" 0
+               execute_chroot "mkdir /var/www/certs" 0
+               execute_chroot "mkdir /var/www/certs/research /var/www/certs/sales" 0
+               execute_chroot "/etc/ca/generate-crl" 0
                execute_chroot "rm -rf /var/lib/ldap/*" 0
                execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0
                execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0

diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
index 73e17062d2e801e15080db14e91ab7f64029a923..8421527139b32393a1ced4029b09cc8ecb78b3ba 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
@@ -16,6 +16,6 @@ conn alice
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        rightsubnet=PH_IP_ALICE/32
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
index 7140befe6ce1a0dd70f8522516d8b23ed599ea86..953fa18ffa4ccea7d357af1f2ccc5ab0657dd538 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
@@ -16,6 +16,6 @@ conn venus
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
index 25716969f1e0e5e64bf6acd91c9d024dc6320902..998fa3f8fca99bbf90a968da80690e29f95433b6 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
@@ -22,12 +22,12 @@ conn alice
        leftsubnet=PH_IP_ALICE/32
        right=PH_IP_CAROL
        rightid=carol@strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=PH_IP_DAVE
        rightid=dave@strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
index 96da6db1e4df2fae8faa6ef1273df8c8cb4e4ca4..43cbb47f63848cae1eb10c522995a4eb8218f109 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
@@ -13,7 +13,7 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32

diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
index bafec31f4cfcd3df05065b75ea31d8e3ec61cd41..0cef26c6c656264eaa5f0752578248984115c476 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
@@ -13,7 +13,7 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn venus
        rightsubnet=PH_IP_VENUS/32

diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
index 7bae1ab0fda06bd9c65adbb95da05a8c71a937d8..f6224edfb0c4a6ea92ea5a03b3e3369526fa935e 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
@@ -21,11 +21,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
index 3df94ba2d55474786630ff285a27fce16c22d858..09dfafce6191d90935ba0032dbdda4a6db572d00 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
@@ -13,12 +13,12 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
index 28389112a5a5b1f69b8eae887aaebacbc83c3367..8f1609e5ee48a5f12541eeeefbdb7c8d8d17d110 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
@@ -13,12 +13,12 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
index 2dfd40f99d363961ce4225391141749d15726bde..ec4585411a2e5112dc1c34dc6f30020aed5b11cc 100644 (file)
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -21,11 +21,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+       rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
        auto=add

diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/aacerts/aa.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
similarity index 100%
rename from testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/aacerts/aa.pem
rename to testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/private/aa.pem b/testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/private/aaKey.pem
similarity index 100%
rename from testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/private/aa.pem
rename to testing/tests/ikev2/acert-cached/hosts/moon/etc/ipsec.d/private/aaKey.pem

diff --git a/testing/tests/ikev2/acert-cached/posttest.dat b/testing/tests/ikev2/acert-cached/posttest.dat
index e5b8d291c641636f92eba719f14647412615f7a8..43c69597c207ffb7a0d20cce9f0f92ed1a39953f 100644 (file)
--- a/testing/tests/ikev2/acert-cached/posttest.dat
+++ b/testing/tests/ikev2/acert-cached/posttest.dat
@@ -7,5 +7,5 @@ dave::iptables-restore < /etc/iptables.flush
 moon::rm /etc/ipsec.d/acerts/carol-sales-finance.pem
 moon::rm /etc/ipsec.d/acerts/dave-sales-expired.pem
 moon::rm /etc/ipsec.d/acerts/dave-marketing.pem
-moon::rm /etc/ipsec.d/private/aa.pem
-moon::rm /etc/ipsec.d/aacerts/aa.pem
+moon::rm /etc/ipsec.d/private/aaKey.pem
+moon::rm /etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-cached/reissue.txt b/testing/tests/ikev2/acert-cached/reissue.txt
deleted file mode 100644 (file)
index 6ab98f1..0000000
--- a/testing/tests/ikev2/acert-cached/reissue.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-# Carols acert for sales and finance
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
-       --group sales --group finance -l 87600 -f pem \
-       > hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
-
-# Daves acert for marketing
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
-       --group marketing -l 87600 -f pem \
-       > hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
-
-# Daves expired acert for sales
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
-       --group sales -F "01.01.13 08:00:00" -l 240 -f pem \
-       > hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem

diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/aacerts/aa.pem b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
similarity index 100%
rename from testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/aacerts/aa.pem
rename to testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/private/aa.pem b/testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/private/aaKey.pem
similarity index 100%
rename from testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/private/aa.pem
rename to testing/tests/ikev2/acert-fallback/hosts/moon/etc/ipsec.d/private/aaKey.pem

diff --git a/testing/tests/ikev2/acert-fallback/posttest.dat b/testing/tests/ikev2/acert-fallback/posttest.dat
index 2ccb86a4112025247ac6f09c84380deef9811fc2..b90119c6be8978c8a5fede4bc998204d4b8efc27 100644 (file)
--- a/testing/tests/ikev2/acert-fallback/posttest.dat
+++ b/testing/tests/ikev2/acert-fallback/posttest.dat
@@ -4,5 +4,5 @@ moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 carol::rm /etc/ipsec.d/acerts/carol-sales.pem
 carol::rm /etc/ipsec.d/acerts/carol-finance-expired.pem
-moon::rm /etc/ipsec.d/private/aa.pem
-moon::rm /etc/ipsec.d/aacerts/aa.pem
+moon::rm /etc/ipsec.d/private/aaKey.pem
+moon::rm /etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-fallback/reissue.txt b/testing/tests/ikev2/acert-fallback/reissue.txt
deleted file mode 100644 (file)
index 2e1cd68..0000000
--- a/testing/tests/ikev2/acert-fallback/reissue.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-# Carols expired acert for finance
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
-       --group finance -F "01.01.13 08:00:00" -l 240 -f pem \
-       > ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
-
-# Carols valid acert for sales
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
-       --group sales -l 87600 -f pem \
-       > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem

diff --git a/testing/tests/ikev2/acert-inline/evaltest.dat b/testing/tests/ikev2/acert-inline/evaltest.dat
index 1363354907be3e7bea027725633af4c9be7b55ce..cf0e7be72cbcd3a981780095b61e2c7bc737a988 100644 (file)
--- a/testing/tests/ikev2/acert-inline/evaltest.dat
+++ b/testing/tests/ikev2/acert-inline/evaltest.dat
@@ -3,9 +3,9 @@ dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.s
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
 moon::cat /var/log/daemon.log::constraint check failed: group membership to 'sales' required::YES
-carol::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=strongSwan AA\"::YES
-dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=strongSwan AA\"::YES
-dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=expired AA\"::YES
+carol::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=strongSwan Project, CN=strongSwan Attribute Authority\"::YES
+dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=strongSwan Project, CN=strongSwan Attribute Authority\"::YES
+dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=strongSwan Project, CN=strongSwan Legacy AA\"::YES
 dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
 dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO

diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem b/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aaCert-expired.pem
similarity index 100%
rename from testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem
rename to testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aaCert-expired.pem

diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aa.pem b/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
similarity index 100%
rename from testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aa.pem
rename to testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aa-expired.pem b/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aaKey-expired.pem
similarity index 100%
rename from testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aa-expired.pem
rename to testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aaKey-expired.pem

diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aa.pem b/testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aaKey.pem
similarity index 100%
rename from testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aa.pem
rename to testing/tests/ikev2/acert-inline/hosts/moon/etc/ipsec.d/private/aaKey.pem

diff --git a/testing/tests/ikev2/acert-inline/posttest.dat b/testing/tests/ikev2/acert-inline/posttest.dat
index a0ef98440905ca29ef580c8377da6fb6d27cdf7f..bd2272b2119d590a644bcda944b16081cb6c2501 100644 (file)
--- a/testing/tests/ikev2/acert-inline/posttest.dat
+++ b/testing/tests/ikev2/acert-inline/posttest.dat
@@ -7,7 +7,7 @@ dave::iptables-restore < /etc/iptables.flush
 carol::rm /etc/ipsec.d/acerts/carol-sales.pem
 dave::rm /etc/ipsec.d/acerts/dave-expired-aa.pem
 dave::rm /etc/ipsec.d/acerts/dave-marketing.pem
-moon::rm /etc/ipsec.d/private/aa-expired.pem
-moon::rm /etc/ipsec.d/private/aa.pem
-moon::rm /etc/ipsec.d/aacerts/aa-expired.pem
-moon::rm /etc/ipsec.d/aacerts/aa.pem
+moon::rm /etc/ipsec.d/private/aaKey-expired.pem
+moon::rm /etc/ipsec.d/private/aaKey.pem
+moon::rm /etc/ipsec.d/aacerts/aaCert-expired.pem
+moon::rm /etc/ipsec.d/aacerts/aaCert.pem

diff --git a/testing/tests/ikev2/acert-inline/reissue.txt b/testing/tests/ikev2/acert-inline/reissue.txt
deleted file mode 100644 (file)
index 994fa0f..0000000
--- a/testing/tests/ikev2/acert-inline/reissue.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-# Carols sales acert
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
-       ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
-       --group sales -l 87600 -f pem \
-       > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
-
-# Daves marketing acert
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
-       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
-       --group marketing -l 87600 -f pem
-       > hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
-
-# Daves sales acert from expired AA
-pki --acert \
-       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
-       --issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
-       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
-       --group sales -l 87600 -f pem \
-       > hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem

diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
index c232c43326413a610410b6b3289c67613f261cce..25b05f7f0349161810247c5e6766118035389421 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
@@ -16,7 +16,7 @@ conn %default
        left=%any
        leftcert=bobCert.pem
 
-conn sun 
+conn sun
        right=PH_IP_SUN1
-       rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=sun.strongswan.org"
        auto=route

diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
index 17fcf0a7a2b9515c78706f890ae0489f9696481f..c44c6bb392550ab0e383ef9114c62c44116234c7 100644 (file)
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
@@ -18,10 +18,10 @@ conn %default
 
 conn alice
        right=PH_IP_ALICE
-       rightid="C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org"
+       rightid="C=CH, O=strongSwan Project, OU=Sales, CN=alice@strongswan.org"
        auto=route
 
-conn sun 
+conn sun
        right=PH_IP_SUN
-       rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=sun.strongswan.org"
        auto=route

diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
index 69ba4205f7977f0fb457b7f965329f64a21dfffa..1c9a7c4f0a15ac62c2e06dea207076a9adb589df 100644 (file)
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
@@ -6,7 +6,7 @@ config setup
 
 ca strongswan
        cacert=strongswanCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
 
 conn %default

diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.d/crls/stale.crl
similarity index 100%
rename from testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
rename to testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.d/crls/stale.crl

diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
index 25656cbdabde2e31a667723ca1eaa72d7f989a5c..57fb7dd1bcb6e9c31307c23ffa4734eb9c2026ee 100644 (file)
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
@@ -6,7 +6,7 @@ config setup
 
 ca strongswan
        cacert=strongswanCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
 
 conn %default

diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.d/crls/stale.crl
similarity index 100%
rename from testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
rename to testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.d/crls/stale.crl

diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
index 95cd144ba20c7d99166f61ebd4ed20cf1b460956..fa67815e39dd486e18d72fa8dbaf9695315aae04 100644 (file)
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
 
 conn home
        left=PH_IP_CAROL
-       leftcert=carolRevokedCert.pem
+       leftcert=carolCert.pem
        leftid=carol@strongswan.org
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16

diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
rename to testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem

diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
rename to testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem

diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.secrets
index 8e31be4cb5110d3783d4ea00b8977cbf1fd4755e..fac55d63bef6f3854291684fef64ee717ba53a3f 100644 (file)
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolRevokedKey.pem
+: RSA carolKey.pem

diff --git a/testing/tests/ikev2/crl-revoked/posttest.dat b/testing/tests/ikev2/crl-revoked/posttest.dat
index d742e8410fbbf6f6844e6038ba2298a205d17a42..c6d6235f9da76c2e037f7e0738c13c51cccf6650 100644 (file)
--- a/testing/tests/ikev2/crl-revoked/posttest.dat
+++ b/testing/tests/ikev2/crl-revoked/posttest.dat
@@ -1,4 +1,2 @@
 moon::ipsec stop
 carol::ipsec stop
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*

diff --git a/testing/tests/ikev2/crl-to-cache/evaltest.dat b/testing/tests/ikev2/crl-to-cache/evaltest.dat
index fe6a55aaefa61938e9f6cce8f24ffccc4cb05abb..f7417da6d9c17b80d7a6475c55dcb338dbe0d198 100644 (file)
--- a/testing/tests/ikev2/crl-to-cache/evaltest.dat
+++ b/testing/tests/ikev2/crl-to-cache/evaltest.dat
@@ -1,4 +1,4 @@
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
-carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
+moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/.*.crl::YES
+carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/.*.crl::YES

diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
index 995b347cf4ffa4014e4763b0f50e9d372a47b0e7..9b28c50f5b8517872d7613e2dfb843fda19b3450 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
@@ -5,7 +5,7 @@ config setup
 
 ca strongswan
         cacert=strongswanCert.pem
-        crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
+        crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
         auto=add
 
 conn %default
@@ -18,12 +18,12 @@ conn %default
        leftcert=carolCert.pem
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
index 320c0713ce00bd32d44be794995fb2c8d23cf8ef..082c2f2b5d6cc44ab4bc09477460e951d8979e55 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
@@ -5,7 +5,7 @@ config setup
 
 ca strongswan
        cacert=strongswanCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
 
 conn %default
@@ -18,12 +18,12 @@ conn %default
        leftcert=daveCert.pem
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
index e67c9afb0f60d8548049200d1a7e6b500f41a1c3..deae852d4947b42f5b9d1e193570662eeeab4408 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
@@ -5,19 +5,19 @@ config setup
 
 ca strongswan
        cacert=strongswanCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
 
-ca research 
+ca research
         cacert=researchCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
-       
-ca sales 
+
+ca sales
         cacert=salesCert.pem
-       crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH?certificateRevocationList"
+       crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=strongSwan Project, c=CH?certificateRevocationList"
        auto=add
-                       
+
 conn %default
        ikelifetime=60m
        keylife=20m
@@ -32,11 +32,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+       rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
index 297e348ea44a6ba110d04af4eedad605a6639ace..e6bd872b028b8b613ff5fb7f0675cb4c93bb812a 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
@@ -17,5 +17,5 @@ conn home
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
index a3517967a12d362b0b63bda8c51556ac03b07412..e2c8df2d6cdd364423785d144a65ba0e91665843 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
@@ -3,11 +3,6 @@
 config setup
        strictcrlpolicy=yes
 
-ca strongswan
-       cacert=strongswanCert.pem
-       crluri=http://crl.strongswan.org/strongswan.crl
-       auto=add
-
 conn %default
        ikelifetime=60m
        keylife=20m
@@ -21,5 +16,5 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
index 297e348ea44a6ba110d04af4eedad605a6639ace..e6bd872b028b8b613ff5fb7f0675cb4c93bb812a 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
@@ -17,5 +17,5 @@ conn home
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
index fe69abe92193ae1a1adb780cad104548c71df09b..e2c8df2d6cdd364423785d144a65ba0e91665843 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
@@ -3,11 +3,6 @@
 config setup
        strictcrlpolicy=yes
 
-ca strongswan
-       cacert=strongswanCert.pem
-       crluri=http://crl.strongswan.org/not-available.crl
-       auto=add
-
 conn %default
        ikelifetime=60m
        keylife=20m
@@ -21,5 +16,5 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
index d65d37be2503b269c97f70a6e50591ae93ec71f7..611f25995e76caa3c916fb1c5845ac1b212f9f59 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
@@ -14,12 +14,12 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
index 121f7d41aaf0651cb6544a07e19ec9d3dd1f896c..abe0f3ad9acba5de642202ee3f8462fcfcade38b 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
@@ -14,12 +14,12 @@ conn %default
        leftsendcert=ifasked
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
index a49c833b89a9de69f00c55586465fffc97cee6aa..c58de462b3ebd6af514cef14bcd673a244bcf528 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
@@ -22,11 +22,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+       rightca="C=CH, O=strongSwan Project, CN=strongSwan Root CA"
        auto=add

diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
index 3a5aaa6b6c9fcf936cd1b74a589cfa6004e2896d..a607a0dc86f659b44371d546a1cd6b58379ee66e 100644 (file)
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -2,11 +2,6 @@
 
 config setup
 
-ca strongswan
-       cacert=strongswanCert.pem
-       crluri=http://crl.strongswan.org/strongswan.crl
-       auto=add
-
 conn %default
        ikelifetime=60m
        keylife=20m
@@ -21,11 +16,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+       rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
        auto=add

diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
index 02280ac2f75c526d27733acaee9bccefd8cac053..ea9e55c5faea75b177c68d54a8d96f9d8e37430b 100644 (file)
--- a/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/moon/etc/strongswan.conf
@@ -3,5 +3,5 @@
 charon {
   load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
 
-  fragment_size = 1024
+  fragment_size = 1088
 }

diff --git a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
index 02280ac2f75c526d27733acaee9bccefd8cac053..ea9e55c5faea75b177c68d54a8d96f9d8e37430b 100644 (file)
--- a/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-fragmentation/hosts/sun/etc/strongswan.conf
@@ -3,5 +3,5 @@
 charon {
   load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
 
-  fragment_size = 1024
+  fragment_size = 1088
 }

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
index bcc6d5b699be1d2050d644e5fbb72bed8b8d4f82..7c8346b02f000ba0eac5ee3e811b24b317769a97 100644 (file)
--- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
@@ -13,12 +13,12 @@ conn net-net
        left=PH_IP_MOON
        leftsubnet=10.1.0.0/16
        leftid=@moon.strongswan.org
-       leftsigkey=moonPub.der
+       leftsigkey=moonPub.pem
        leftauth=pubkey
        leftfirewall=yes
        right=PH_IP_SUN
        rightsubnet=10.2.0.0/16
        rightid=@sun.strongswan.org
-       rightsigkey=sunPub.der
+       rightsigkey=sunPub.pem
        rightauth=pubkey
        auto=add

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.pem
similarity index 100%
rename from testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der
rename to testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.pem

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.pem
similarity index 100%
rename from testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der
rename to testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.pem

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der
deleted file mode 100644 (file)
index 49e0111..0000000
Binary files a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der and /dev/null differ

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index b9ec17d..0000000
--- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.der

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
index 4fe2e67de28777ed94bc9b77a84593c8801d8065..e94022fca6d4ef83510a5cba082490f04c6af6c2 100644 (file)
--- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
@@ -13,10 +13,10 @@ conn net-net
        left=PH_IP_SUN
        leftsubnet=10.2.0.0/16
        leftid=@sun.strongswan.org
-       leftsigkey=sunPub.der
+       leftsigkey=sunPub.pem
        leftfirewall=yes
        right=PH_IP_MOON
        rightsubnet=10.1.0.0/16
        rightid=@moon.strongswan.org
-       rightsigkey=moonPub.der
+       rightsigkey=moonPub.pem
        auto=add

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.pem
similarity index 100%
rename from testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der
rename to testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.pem

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.pem
similarity index 100%
rename from testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der
rename to testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.pem

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der
deleted file mode 100644 (file)
index 7c284f9..0000000
Binary files a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der and /dev/null differ

diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets
deleted file mode 100644 (file)
index 6aa9ed5..0000000
--- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA sunKey.der

diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
similarity index 94%
rename from testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
rename to testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
index 4e2cc2860e99126de92160b41525c6d9f4e01b3a..ea9be3d92f524e5346d0248488e444be4832fbed 100755 (executable)
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-cd /etc/openssl
+cd /etc/ca
 
 echo "Content-type: application/ocsp-response"
 echo ""

diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
index 630117af986a0630770c3e2f9a832373386e4648..ba484eb5a60d23be081859f2b56eadb5f3a20cc7 100644 (file)
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
@@ -31,11 +31,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+       rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
        auto=add

diff --git a/testing/tests/ikev2/ocsp-multi-level/pretest.dat b/testing/tests/ikev2/ocsp-multi-level/pretest.dat
index eedd737ac3ef09ed0d8d42f592649e590a55e3a2..b660f2dcfb1526c583f65e259273d3730cac6ee8 100644 (file)
--- a/testing/tests/ikev2/ocsp-multi-level/pretest.dat
+++ b/testing/tests/ikev2/ocsp-multi-level/pretest.dat
@@ -4,5 +4,7 @@ dave::ipsec start
 moon::expect-connection alice
 carol::expect-connection alice
 carol::ipsec up alice
+carol::ipsec up venus
 dave::expect-connection venus
 dave::ipsec up venus
+dave::ipsec up alice
\ No newline at end of file

diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
similarity index 93%
rename from testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
rename to testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
index 429061376ae96d478b1cc7c51c398e92f4116c4f..8c7b9cd1364eb8c4cb09ad61016059176a845cf8 100755 (executable)
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-cd /etc/openssl
+cd /etc/ca
 
 echo "Content-type: application/ocsp-response"
 echo ""

diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
index 94eb5862185a7ebb6b68f2fb0e279b3951d49bfa..17225d287ccec39e315efa8e47a14e9b5edf3ee8 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        left=PH_IP_CAROL
-       leftcert=carolRevokedCert.pem
+       leftcert=carolCert.pem
        leftid=carol@strongswan.org
 
 conn home

diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
rename to testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem

diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
rename to testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets
index 8e31be4cb5110d3783d4ea00b8977cbf1fd4755e..fac55d63bef6f3854291684fef64ee717ba53a3f 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolRevokedKey.pem
+: RSA carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-revoked/posttest.dat b/testing/tests/ikev2/ocsp-revoked/posttest.dat
index d742e8410fbbf6f6844e6038ba2298a205d17a42..c6d6235f9da76c2e037f7e0738c13c51cccf6650 100644 (file)
--- a/testing/tests/ikev2/ocsp-revoked/posttest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/posttest.dat
@@ -1,4 +1,2 @@
 moon::ipsec stop
 carol::ipsec stop
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*

diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
index a1bc9b01422da322652d54e73f1f90600e72eb97..17225d287ccec39e315efa8e47a14e9b5edf3ee8 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        left=PH_IP_CAROL
-       leftcert=carolCert-ocsp.pem
+       leftcert=carolCert.pem
        leftid=carol@strongswan.org
 
 conn home

diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
rename to testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert.pem

diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem
rename to testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.secrets
index a89065443b17d9570139c96048a681d4e9471c87..fac55d63bef6f3854291684fef64ee717ba53a3f 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolKey-ocsp.pem
+: RSA carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-signer-cert/posttest.dat b/testing/tests/ikev2/ocsp-signer-cert/posttest.dat
index 220bc2c1d69f6ff745371be17e2d76673ade9cb3..c6d6235f9da76c2e037f7e0738c13c51cccf6650 100644 (file)
--- a/testing/tests/ikev2/ocsp-signer-cert/posttest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/posttest.dat
@@ -1,4 +1,2 @@
 moon::ipsec stop
 carol::ipsec stop
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/private/*

diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
index 27af8e7a89770eac32f57557dd93d6be8ae9ad13..fa68b2a2c9d25a1879246c094b0b0c36b88b6739 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
@@ -10,14 +10,14 @@ conn %default
        keyingtries=1
        keyexchange=ikev2
        left=PH_IP_CAROL
-       leftcert=carolCert-ifuri.pem
+       leftcert=carolCert.pem
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem
rename to testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert.pem

diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
index aa07085f43bd9b950714399722f0e99a6d987530..b007f527b734840e1134003229958a8335053020 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
@@ -2,7 +2,7 @@
 
 config setup
        strictcrlpolicy=ifuri
-       
+
 conn %default
        ikelifetime=60m
        keylife=20m
@@ -10,14 +10,14 @@ conn %default
        keyingtries=1
        keyexchange=ikev2
        left=PH_IP_DAVE
-       leftcert=daveCert-ifuri.pem
+       leftcert=daveCert.pem
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
 
 conn alice
        rightsubnet=PH_IP_ALICE/32
        auto=add
-       
+
 conn venus
        rightsubnet=PH_IP_VENUS/32
        auto=add

diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem
rename to testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert.pem

diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
index 02db316d74815cd8b20e7fa4e999e07fb1771fc0..1ed94f98e39d37cf573a5efc9e607619d6869a6f 100644 (file)
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
@@ -16,11 +16,11 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+       rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+       rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
        auto=add

diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
index 816db6e1e26f181b90249fd5078d1bf3e2d02c07..74d363fe1457c191de19fa51f941358ebed9c11e 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
@@ -8,7 +8,7 @@ ca strongswan-ca
         ocspuri1=http://bob.strongswan.org:8800
        ocspuri2=http://ocsp.strongswan.org:8880
        auto=add
-                       
+
 conn %default
        keyexchange=ikev2
        ikelifetime=60m
@@ -16,7 +16,7 @@ conn %default
        rekeymargin=3m
        keyingtries=1
        left=PH_IP_CAROL
-       leftcert=carolCert-ocsp.pem
+       leftcert=carolCert.pem
        leftid=carol@strongswan.org
 
 conn home

diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
rename to testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert.pem

diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem
rename to testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.secrets
index a89065443b17d9570139c96048a681d4e9471c87..fac55d63bef6f3854291684fef64ee717ba53a3f 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolKey-ocsp.pem
+: RSA carolKey.pem

diff --git a/testing/tests/ikev2/ocsp-timeouts-good/posttest.dat b/testing/tests/ikev2/ocsp-timeouts-good/posttest.dat
index 220bc2c1d69f6ff745371be17e2d76673ade9cb3..c6d6235f9da76c2e037f7e0738c13c51cccf6650 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-good/posttest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-good/posttest.dat
@@ -1,4 +1,2 @@
 moon::ipsec stop
 carol::ipsec stop
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/private/*

diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
similarity index 93%
rename from testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
rename to testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
index 72aa7a6c49f0ef73e5f341e61a6f87cec96b7102..bce963faddf19b0f11161c0d1bbdbb80ce0b2700 100755 (executable)
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-cd /etc/openssl
+cd /etc/ca
 
 echo "Content-type: application/ocsp-response"
 echo ""

diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
index 6b609f81d48165522b0a42d640e6fd54dbdb5818..e1993fd43a9b5a315ff5f1f768f09c8e0f34725b 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
@@ -17,7 +17,7 @@ dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*CN=moo
 moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO 
+dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
index dd1b893028d668625eeb82efd53722831edcf168..5d99639bf621a40faf54e5545c6ce29febe02650 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
index a46071a3a9b06674eb8da2b84de8a7d6a8d1ad08..93acb09056b0d4b3cd4035fbae9173a82bfa5a4e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
index f77c31c56851eae407ec68cd625066f5bcb74fa4..7cf9edd2f654ec9eca74e2ae87c1f413f290de38 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES

diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
index dd1b893028d668625eeb82efd53722831edcf168..5d99639bf621a40faf54e5545c6ce29febe02650 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
index a46071a3a9b06674eb8da2b84de8a7d6a8d1ad08..93acb09056b0d4b3cd4035fbae9173a82bfa5a4e 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
index 944546ff8371183ee68ca317697bd93ac8d43b93..f343e599db813908caae9f47b56d25b5713060de 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
@@ -18,5 +18,5 @@ conn home
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
        rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
        auto=add

diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
index b1a22e78a16a3cff522d625c975fd213d7bb9356..aa4b9d2a63957856dba8c59472bae80920f02280 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
@@ -18,5 +18,5 @@ conn home
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
        rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
        auto=add

diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
index b2e3ce62071230b3deaac243dab1200e10a14acf..2c1b69ed5f461697ff207947d2a6a38515c271b1 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
@@ -1,8 +1,8 @@
 carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES

diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index 756e3835c6735f0bdc5fbc7502f59fa8e182f7ce..c4f8c27ff986295a3c26960c1208d3420d39af09 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -13,7 +13,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
index b53b085f87e4951784f14df2498ab7861e5a6f86..36c054419345e0d999a3a48671b0b0b12f52e614 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
@@ -1,7 +1,7 @@
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with RSA.* successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with RSA.* successful::YES
 carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES

diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
index 6aaeb160fe5c739382fd0a7ea6d191e67b18f4c6..05702c4367f1fefee33a3fc81b578c54d3512447 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
@@ -13,8 +13,8 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightsubnet=10.1.0.0/16
        rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
        auto=add

diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
index deadcff6d88b8e0e0d730d74afea4694ba01c3c0..d82b0d5bfc435ecb38bc5ac17deb8fd4015288bd 100644 (file)
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn rw-eap
        leftcert=moonCert.pem
        leftauth=pubkey
        leftfirewall=yes
-       rightid="C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org"
+       rightid="C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
        rightauth=eap-radius
        rightsendcert=never
        right=%any

diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
index 2285608b8dd27b379bc9908a7bfd45a3200f690b..48aaf24aec395c22558341673c89f500c4b9385a 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES

diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
index 576d2cb9986ad356c19ac93c818a179ad24d5299..9f093b71fdd7b4152e771594d040b170c754a47f 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
@@ -13,7 +13,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
index ba52ec31eb7cc8ff1a76461fda20440516871461..5f53072e46f30427e5c113f1965fe1997c536ec6 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
@@ -13,7 +13,7 @@ conn home
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
-       rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+       rightid="C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        rightauth=any
        rightsubnet=10.1.0.0/16
        rightsendcert=never

diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
index c18df1c73fa74b65c6e803a3fdb60ee976527df7..5013cfecf7f472dc029e8285beab22ad2c75824b 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
@@ -16,5 +16,5 @@ conn home
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
        rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
        auto=add

diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
index 2b58fbfca273757aee2d1ca01d50579633f4c972..7e1a6e29e866982317454e07e81c3a0d57aa79eb 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
@@ -16,5 +16,5 @@ conn home
        rightid=@moon.strongswan.org
        rightsubnet=10.1.0.0/16
        rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       aaa_identity="C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
        auto=add

diff --git a/testing/tests/ikev2/rw-pkcs8/description.txt b/testing/tests/ikev2/rw-pkcs8/description.txt
index d5d817f52e4695229bd7cff984ce649a3bb85077..84dd41480fb11bb36045cd567152841226f39f4f 100644 (file)
--- a/testing/tests/ikev2/rw-pkcs8/description.txt
+++ b/testing/tests/ikev2/rw-pkcs8/description.txt
@@ -1,8 +1,8 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
 to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
 and matching RSA private keys stored in the <b>PKCS#8</b> format. <b>moon</b>'s key
 is unencrypted, <b>carol</b>'s key is encrypted with the default PKCS#5 v1.5
-DES algorithm and <b>dave</b>'s key with the PKCS#5 v2.0 3DES algorithm.
+DES algorithm and <b>dave</b>'s key with the PKCS#5 v2.0 AES-128 algorithm.
 <p/>
 Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
 automatically inserts iptables-based firewall rules that let pass the tunneled traffic.

diff --git a/testing/tests/ikev2/strong-keys-certs/description.txt b/testing/tests/ikev2/strong-keys-certs/description.txt
index fc12807291f190a3e92eaa2d63e83b65def9fcfe..0847159f47f0b4cf6e7db599704efc6d198dd2f9 100644 (file)
--- a/testing/tests/ikev2/strong-keys-certs/description.txt
+++ b/testing/tests/ikev2/strong-keys-certs/description.txt
@@ -1,7 +1,7 @@
 This scenario is derived from <a href="../rw-cert"><b>ikev2/rw-cert</b></a>.
-The gateway <b>moon</b> uses a 2048 bit RSA private key protected by <b>AES-128</b>
+The gateway <b>moon</b> uses a 3072 bit RSA private key protected by <b>AES-128</b>
 encryption whereas the roadwarriors <b>carol</b> and <b>dave</b> have an
-<b>AES-192</b> and <b>AES-256</b> envelope, respectively. 
+<b>AES-192</b> and <b>AES-256</b> envelope, respectively.
 The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-224</b> hash in
 its signature whereas the certificates of the roadwarriors <b>carol</b>
 and <b>dave</b> use <b>SHA-384</b> and <b>SHA-512</b>, respectively.

diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
index a8183f59e07f170dbafd0dbb84c4e6471cb65fcb..ce9e3841331eb074414850d7cfd23fd7a49384ca 100644 (file)
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
@@ -15,12 +15,12 @@ conn %default
 conn alice
        leftsubnet=PH_IP_ALICE/32
        right=%any
-       rightid="C=CH, O=Linux strongSwan, OU=Research, CN=*"
+       rightid="C=CH, O=strongSwan Project, OU=Research, CN=*"
        auto=add
-       
+
 conn venus
        leftsubnet=PH_IP_VENUS/32
        right=%any
-       rightid="C=CH, O=Linux strongSwan, OU=Accounting, CN=*"
+       rightid="C=CH, O=strongSwan Project, OU=Accounting, CN=*"
        auto=add
-       
+

diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/swanctl/ecdsa/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/swanctl/pkcs8/moonKey.pem
similarity index 100%
rename from testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/swanctl/ecdsa/moonKey.pem
rename to testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/swanctl/pkcs8/moonKey.pem

diff --git a/testing/tests/swanctl/crl-to-cache/evaltest.dat b/testing/tests/swanctl/crl-to-cache/evaltest.dat
index fa61f19fbfdc9dc553a1d6aa5298a57b596baff3..91e34578f809c62b76cc0386cf662fa4af10b450 100644 (file)
--- a/testing/tests/swanctl/crl-to-cache/evaltest.dat
+++ b/testing/tests/swanctl/crl-to-cache/evaltest.dat
@@ -1,8 +1,8 @@
 carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org::NO
 moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org::NO
-moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
-moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def_delta.crl::YES
-carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
-carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/5da7dd700651327ee7b66db3b5e5e060ea2e4def_delta.crl::YES
+moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/.*.crl::YES
+moon:: cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/.*_delta.crl::YES
+carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/.*.crl::YES
+carol::cat /var/log/daemon.log::written crl .*/etc/swanctl/x509crl/.*_delta.crl::YES
 carol::cat /var/log/daemon.log::certificate was revoked::YES
 carol::cat /var/log/daemon.log::no trusted RSA public key found for.*moon.strongswan.org::YES

diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem
deleted file mode 100644 (file)
index d53365f..0000000
--- a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/swanctl/x509ca/researchCert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
-FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
-zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
-/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
-C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
-+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
-BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
-VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
-FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
-cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
-POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
-xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
-dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
-8sFmiZI=
------END CERTIFICATE-----

diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem
deleted file mode 100644 (file)
index a10a18c..0000000
--- a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/swanctl/x509ca/salesCert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
-GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
-Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
-uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
-sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
-vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
-MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
-VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
-MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
-Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
-CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
-AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
-RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
-M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
------END CERTIFICATE-----

diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 3a5aaa6..0000000
--- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
-       cacert=strongswanCert.pem
-       crluri=http://crl.strongswan.org/strongswan.crl
-       auto=add
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftsendcert=ifasked
-       leftid=@moon.strongswan.org
-
-conn alice
-       leftsubnet=PH_IP_ALICE/32
-       right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
-       auto=add
-       
-conn venus
-       leftsubnet=PH_IP_VENUS/32
-       right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
-       auto=add

diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf
index 574887d7e888b8e70c177342be3ed4933f7851d2..8905ebe233b504c220857539bfdef88a5e33cbf6 100755 (executable)
--- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/swanctl/swanctl.conf
@@ -11,11 +11,11 @@ connections {
       remote {
          auth = pubkey
          cacerts = researchCert.pem
-         revocation = ifuri 
+         revocation = ifuri
       }
       children {
          alice {
-            local_ts  = 10.1.0.10/32 
+            local_ts  = 10.1.0.10/32
             esp_proposals = aes128-sha256-ecp256
          }
       }
@@ -34,7 +34,7 @@ connections {
       remote {
          auth = pubkey
          cacerts = salesCert.pem
-         revocation = ifuri 
+         revocation = ifuri
       }
       children {
          venus {
@@ -46,11 +46,3 @@ connections {
       proposals = aes128-sha256-ecp256
    }
 }
-
-authorities {
-
-   strongswan {
-      cacert = strongswanCert.pem
-      crl_uris = http://crl.strongswan.org/strongswan.crl
-   }
-}

diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
index 73bb5f6b322f92a5be8be0dfaf2d63c33fe342cd..f93e30fcd1c53c3c9690cb471935c86ea2eb68e5 100755 (executable)
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+  load = random pem pkcs1 sha1 sha3 gmp x509 revocation constraints pubkey
 }
 
 charon-systemd {

diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
index 73bb5f6b322f92a5be8be0dfaf2d63c33fe342cd..f93e30fcd1c53c3c9690cb471935c86ea2eb68e5 100755 (executable)
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+  load = random pem pkcs1 sha1 sha3 gmp x509 revocation constraints pubkey
 }
 
 charon-systemd {

diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 3a5aaa6..0000000
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
-       cacert=strongswanCert.pem
-       crluri=http://crl.strongswan.org/strongswan.crl
-       auto=add
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftsendcert=ifasked
-       leftid=@moon.strongswan.org
-
-conn alice
-       leftsubnet=PH_IP_ALICE/32
-       right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
-       auto=add
-       
-conn venus
-       leftsubnet=PH_IP_VENUS/32
-       right=%any
-       rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
-       auto=add

diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/swanctl/rw-eap-peap-md5/evaltest.dat b/testing/tests/swanctl/rw-eap-peap-md5/evaltest.dat
index 20ec1561e67eaea035086170a1b7abb2059318e6..247aabe179fca35b7ef10fc6aed9668c48879ce3 100644 (file)
--- a/testing/tests/swanctl/rw-eap-peap-md5/evaltest.dat
+++ b/testing/tests/swanctl/rw-eap-peap-md5/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
@@ -11,7 +11,7 @@ moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongs
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-eap-peap-md5/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-md5/hosts/carol/etc/swanctl/swanctl.conf
index db82791b81d7f269d1c22c6783dbd103ac0f2335..c4e478475c9f64d01d47b1c164fc46cc9e582d3d 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-md5/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-md5/hosts/carol/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-peap
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-peap-md5/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-md5/hosts/dave/etc/swanctl/swanctl.conf
index 7f3b8104b3cc45b924c581651599c231c758f2b8..b71866726a34bc0cecad8195c9a806e5b0aaa603 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-md5/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-md5/hosts/dave/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-peap
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/swanctl/rw-eap-peap-mschapv2/evaltest.dat
index dc56ba850df950168fb5f5149bb81a90f7ff38a9..1093e51ada966f81de5b991af6ed396dbb9cb169 100644 (file)
--- a/testing/tests/swanctl/rw-eap-peap-mschapv2/evaltest.dat
+++ b/testing/tests/swanctl/rw-eap-peap-mschapv2/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
@@ -11,7 +11,7 @@ moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongs
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/carol/etc/swanctl/swanctl.conf
index db82791b81d7f269d1c22c6783dbd103ac0f2335..c4e478475c9f64d01d47b1c164fc46cc9e582d3d 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/carol/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-peap
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/dave/etc/swanctl/swanctl.conf
index 7f3b8104b3cc45b924c581651599c231c758f2b8..b71866726a34bc0cecad8195c9a806e5b0aaa603 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-mschapv2/hosts/dave/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-peap
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-peap-radius/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-radius/hosts/carol/etc/swanctl/swanctl.conf
index 7ffdd1f4ce74491584fbaeb023897d0af251bcec..54849aeecd9911e3983b189540c75707ad7454fc 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-radius/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-radius/hosts/carol/etc/swanctl/swanctl.conf
@@ -7,7 +7,7 @@ connections {
       local {
          auth = eap
          id = carol@strongswan.org
-         aaa_id = "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+         aaa_id = "C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
      }
       remote {
          auth = pubkey

diff --git a/testing/tests/swanctl/rw-eap-peap-radius/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-peap-radius/hosts/dave/etc/swanctl/swanctl.conf
index 97c0b7057d8ba8832bb07d007465453f07cf1287..da69a515d0920f9fb224953cab64b5ffa6261715 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-peap-radius/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-peap-radius/hosts/dave/etc/swanctl/swanctl.conf
@@ -7,7 +7,7 @@ connections {
       local {
          auth = eap
          id = dave@strongswan.org
-         aaa_id = "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+         aaa_id = "C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
       }
       remote {
          auth = pubkey

diff --git a/testing/tests/swanctl/rw-eap-tls-only/evaltest.dat b/testing/tests/swanctl/rw-eap-tls-only/evaltest.dat
index 52dc51a629b41204ad10188b255c6addb8b19f41..48a706d9d6d4ff48fd865f64748bb78718741b44 100644 (file)
--- a/testing/tests/swanctl/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-only/evaltest.dat
@@ -1,10 +1,10 @@
 carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-eap-tls-only/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-only/hosts/carol/etc/swanctl/swanctl.conf
index cc3e770954d658f0a0b124796ea45849cb11dd01..f556f8eba0f70764d76f834c4e28feafe27571d5 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-only/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-tls-only/hosts/carol/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-tls
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-tls-radius/evaltest.dat b/testing/tests/swanctl/rw-eap-tls-radius/evaltest.dat
index e3b7cf39ab602eafc58b65bf31ab4f5205268b65..46d88143c48a1354b05aa4b4e39ae1cd608b3c12 100644 (file)
--- a/testing/tests/swanctl/rw-eap-tls-radius/evaltest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-radius/evaltest.dat
@@ -1,9 +1,9 @@
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with RSA.* successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with RSA.* successful::YES
 carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-eap-tls-radius/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-radius/hosts/carol/etc/swanctl/swanctl.conf
index 58786ba876f9c763afbc0171e29d3035e455b046..d8212a43583da1dad4d549b36707d2bc7a0d025b 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-radius/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-tls-radius/hosts/carol/etc/swanctl/swanctl.conf
@@ -7,11 +7,11 @@ connections {
       local {
          auth = eap
          certs = carolCert.pem
-         aaa_id = "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+         aaa_id = "C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
       }
       remote {
          auth = pubkey
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
        }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-tls-radius/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-tls-radius/hosts/moon/etc/swanctl/swanctl.conf
index ebe5ffab7dcd3be36998f58563f03ae71b55115e..afed192d2fbbee30fe31c6aa4ef7f0874d05f354 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-radius/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-tls-radius/hosts/moon/etc/swanctl/swanctl.conf
@@ -9,7 +9,7 @@ connections {
       }
       remote {
          auth = eap-radius
-         id = "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org"
+         id = "C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
       }
       children {
          net {

diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
index cae0025f6f6a6ca61b26ce296434c95e9d93c7c8..e426bda2c2d1346198cd01b445f7f83101b4eafb 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+  load = random pem pkcs1 sha1 sha3 gmp x509 revocation constraints pubkey
 }
 
 charon-systemd {

diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
index cae0025f6f6a6ca61b26ce296434c95e9d93c7c8..e426bda2c2d1346198cd01b445f7f83101b4eafb 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+  load = random pem pkcs1 sha1 sha3 gmp x509 revocation constraints pubkey
 }
 
 charon-systemd {

diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
index 9c4e819c503c51a5cc7dbd72082c456f4247dd4f..3b2845dcd8678005069481f92867facdf24f7189 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+  load = random pem pkcs1 sha1 sha3 gmp x509 revocation constraints pubkey
 }
 
 charon-systemd {

diff --git a/testing/tests/swanctl/rw-eap-ttls-only/evaltest.dat b/testing/tests/swanctl/rw-eap-ttls-only/evaltest.dat
index 00282ab2b9aa587f8a4450876261875808f6e9f1..46d6be42a7f168c67a063ed9bf0778751387377f 100644 (file)
--- a/testing/tests/swanctl/rw-eap-ttls-only/evaltest.dat
+++ b/testing/tests/swanctl/rw-eap-ttls-only/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
 carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
 carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
 dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
 dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
@@ -11,7 +11,7 @@ moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongs
 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=Linux strongSwan, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=C=CH, O=strongSwan Project, CN=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-eap-ttls-only/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-ttls-only/hosts/carol/etc/swanctl/swanctl.conf
index 184aaa5d3e6ba9175e0712b1b134ad597a74d2b4..96c30e3403ec70eea33b468f2b296e5a1fc4bff9 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-ttls-only/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-ttls-only/hosts/carol/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-ttls
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-ttls-only/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-ttls-only/hosts/dave/etc/swanctl/swanctl.conf
index a77bd0079ec55e6090d5223ebdc53df3d1cd8b59..64b711db44f41d4a8c837dbd4813e9fa5d906f57 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-ttls-only/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-ttls-only/hosts/dave/etc/swanctl/swanctl.conf
@@ -10,7 +10,7 @@ connections {
       }
       remote {
          auth = eap-ttls
-         id = "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+         id = "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
       }
       children {
          home {

diff --git a/testing/tests/swanctl/rw-eap-ttls-radius/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-ttls-radius/hosts/carol/etc/swanctl/swanctl.conf
index 7ffdd1f4ce74491584fbaeb023897d0af251bcec..54849aeecd9911e3983b189540c75707ad7454fc 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-ttls-radius/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-ttls-radius/hosts/carol/etc/swanctl/swanctl.conf
@@ -7,7 +7,7 @@ connections {
       local {
          auth = eap
          id = carol@strongswan.org
-         aaa_id = "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+         aaa_id = "C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
      }
       remote {
          auth = pubkey

diff --git a/testing/tests/swanctl/rw-eap-ttls-radius/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-ttls-radius/hosts/dave/etc/swanctl/swanctl.conf
index 97c0b7057d8ba8832bb07d007465453f07cf1287..da69a515d0920f9fb224953cab64b5ffa6261715 100755 (executable)
--- a/testing/tests/swanctl/rw-eap-ttls-radius/hosts/dave/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-eap-ttls-radius/hosts/dave/etc/swanctl/swanctl.conf
@@ -7,7 +7,7 @@ connections {
       local {
          auth = eap
          id = dave@strongswan.org
-         aaa_id = "C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+         aaa_id = "C=CH, O=strongSwan Project, CN=aaa.strongswan.org"
       }
       remote {
          auth = pubkey

diff --git a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
index b2958919a3aa80459776efb3b4a4e58b5becf94e..dc9abe557009160b3994cd0a5e5889e97fe37e93 100755 (executable)
--- a/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/evaltest.dat
@@ -1,9 +1,9 @@
 alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
 alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.200 remote-port=4500 remote-id=67:f6:.*:40:80.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=..:..:.* remote-host=192.168.0.1 remote-port=4500 remote-id=..:..:.* initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=..:..:.* remote-host=192.168.0.1 remote-port=4500 remote-id=..:..:.* initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=..:..:.* remote-host=192.168.0.100 remote-port=4500 remote-id=..:..:.* encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=..:..:.* remote-host=192.168.0.200 remote-port=4500 remote-id=..:..:.* encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/swanctl.conf
index f1a074fed64c1969e30d50abdab2dba5cef4dba3..a322ca17f25c6ab954016cfd0f75d0554ba4066d 100755 (executable)
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/swanctl/swanctl.conf
@@ -2,7 +2,7 @@ connections {
 
    home {
       local_addrs  = 192.168.0.100
-      remote_addrs = 192.168.0.1 
+      remote_addrs = 192.168.0.1
 
       local {
          auth = pubkey
@@ -10,11 +10,11 @@ connections {
       }
       remote {
          auth = pubkey
-         pubkeys = moonPub.pem 
+         pubkeys = moonPub.pem
       }
       children {
          home {
-            remote_ts = 10.1.0.0/16 
+            remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
             esp_proposals = aes128gcm128-ecp256
@@ -24,11 +24,3 @@ connections {
       proposals = aes128-sha256-ecp256
    }
 }
-
-secrets {
-
-   rsa-carol {
-      file = carolKey.pem
-      secret = "nH5ZQEWtku0RJEZ6"
-   }
-}

diff --git a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
index 2dfc3cf41655ae4d20dd431c96579e893629d595..1b172ee67ef0751c1943367c8b8b61dc7b213edf 100755 (executable)
--- a/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/evaltest.dat
@@ -1,9 +1,9 @@
 alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
 alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=0d:36:.*:cc:90 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=67:f6:.*:40:80 remote-host=192.168.0.1 remote-port=4500 remote-id=42:91:.*:f7:60 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-carol.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.100 remote-port=4500 remote-id=0d:36:.*:cc:90.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-dave.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=42:91:.*:f7:60 remote-host=192.168.0.200 remote-port=4500 remote-id=67:f6:.*:40:80.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=..:..:.* remote-host=192.168.0.1 remote-port=4500 remote-id=..:..:.* initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=..:..:.* remote-host=192.168.0.1 remote-port=4500 remote-id=..:..:.* initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-carol.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=..:..:.* remote-host=192.168.0.100 remote-port=4500 remote-id=..:..:.* encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-dave.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=..:..:.* remote-host=192.168.0.200 remote-port=4500 remote-id=..:..:.* encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES

diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem
deleted file mode 100644 (file)
index 1454ec5..0000000
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/rsa/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
-
-1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
-/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
-/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
-Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
-f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
-LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
-06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
-e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
-3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
-sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
-c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
-UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
-XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
-iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
-Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
-v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
-t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
-8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
-jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
-p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
-7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
-GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
-4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
-yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
-+85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
------END RSA PRIVATE KEY-----

diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf
index f1a074fed64c1969e30d50abdab2dba5cef4dba3..a322ca17f25c6ab954016cfd0f75d0554ba4066d 100755 (executable)
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/swanctl/swanctl.conf
@@ -2,7 +2,7 @@ connections {
 
    home {
       local_addrs  = 192.168.0.100
-      remote_addrs = 192.168.0.1 
+      remote_addrs = 192.168.0.1
 
       local {
          auth = pubkey
@@ -10,11 +10,11 @@ connections {
       }
       remote {
          auth = pubkey
-         pubkeys = moonPub.pem 
+         pubkeys = moonPub.pem
       }
       children {
          home {
-            remote_ts = 10.1.0.0/16 
+            remote_ts = 10.1.0.0/16
 
             updown = /usr/local/libexec/ipsec/_updown iptables
             esp_proposals = aes128gcm128-ecp256
@@ -24,11 +24,3 @@ connections {
       proposals = aes128-sha256-ecp256
    }
 }
-
-secrets {
-
-   rsa-carol {
-      file = carolKey.pem
-      secret = "nH5ZQEWtku0RJEZ6"
-   }
-}

diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
index a327dae633a781215fe9574efd9235c7fa8377ce..d5d6fa5831a7bd6091ec7a47dbb9db3472d740b0 100644 (file)
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
@@ -5,10 +5,10 @@ carol::cat /var/log/auth.log::received SASL Success result::YES
 carol::cat /var/log/auth.log::collected ... SW ID events::YES
 carol::cat /var/log/auth.log::collected 3 SW records::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
-alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
+alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org::YES
 alice::cat /var/log/daemon.log::certificate status is good::YES
 alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
-alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
+alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
 alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::role=.softwareCreator licensor tagCreator::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES

diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index bded669dad329fba53ab788288b3a8f592666c4a..2e40603fde4d4929044557fbf5ff1c911f3777e0 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -5,10 +5,10 @@ carol::cat /var/log/auth.log::collected ... SW ID records::YES
 carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
 carol::cat /var/log/auth.log::collected 1 SW record::YES
 alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
-alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
+alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org::YES
 alice::cat /var/log/daemon.log::certificate status is good::YES
 alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
-alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
+alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
 alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
 alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
 moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES

diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat
index bed92fc3864b54ee422cae1fe7aa141e56c6e60a..3cf7e6bd54f4af9f2f08152cf2cf21628e328793 100644 (file)
--- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat
@@ -5,13 +5,13 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::Y
 dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' with EAP successful::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw  2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw  2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org' with EAP successful::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw  2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw  2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=C=CH, O=strongSwan Project, OU=Accounting, CN=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
 carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
 dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES