]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ee4a33)
testing: Speed up OCSP scenarios
authorTobias Brunner <tobias@strongswan.org>
Thu, 5 Nov 2015 14:03:06 +0000 (15:03 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 9 Nov 2015 14:18:35 +0000 (15:18 +0100)
Don't make clients wait for the TCP connections to timeout by dropping
packets.  By rejecting them the OCSP requests fail immediately.

testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat patch | blob | blame | history
testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat patch | blob | blame | history
testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat patch | blob | blame | history

diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
index 9d3999937ea8afb8f4b8cd8588b5363a45934936..6296b4e069a34ad1c8561631367e8aeb1978beaf 100644 (file)
--- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
@@ -1,4 +1,4 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
index 2006925af11bb970efb3e0ed87dacbab39a1e818..a43ba3550777c090519d20952a513b787ba9bdbd 100644 (file)
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
@@ -1,5 +1,5 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
-carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
+carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
index 9d3999937ea8afb8f4b8cd8588b5363a45934936..6296b4e069a34ad1c8561631367e8aeb1978beaf 100644 (file)
--- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
@@ -1,4 +1,4 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home
Unnamed repository; edit this file 'description' to name the repository.