From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 26 May 2017 11:49:51 +0000 (+0200)
Subject: testing: Fix ikev2/two-certs scenario
X-Git-Tag: 5.5.3~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0da10b73addd8c181bed0772c7eac32d28d8af77;p=thirdparty%2Fstrongswan.git

testing: Fix ikev2/two-certs scenario

Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities.  So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
---

diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat
index 422c76e2ed..41601102fc 100644
--- a/testing/tests/ikev2/two-certs/evaltest.dat
+++ b/testing/tests/ikev2/two-certs/evaltest.dat
@@ -2,7 +2,7 @@ moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongs
 moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES
+moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::NO
 moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES