From: Tobias Brunner
Date: Tue, 7 Nov 2023 10:21:14 +0000 (+0100)
Subject: testing: Use a single OCSP responder for ikev2-multi-ca/ocsp-signers scenario
X-Git-Tag: 5.9.12rc1~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=801c6c32e5f5939bb7ede30502ead05c991d0a3b;p=thirdparty%2Fstrongswan.git

testing: Use a single OCSP responder for ikev2-multi-ca/ocsp-signers scenario

This demonstrates the multi-CA capabilities of the pki --ocsp command.
---
diff --git a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
index c5beb2cde9..fb6e7cb9f6 100755
--- a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/moon/etc/swanctl/swanctl.conf
@@ -11,11 +11,11 @@ connections {
 remote {
 auth = pubkey
 cacerts = researchCert.pem
- revocation = ifuri
+ revocation = ifuri
 }
 children {
 alice {
- local_ts = 10.1.0.10/32
+ local_ts = 10.1.0.10/32
 esp_proposals = aes128-sha256-ecp256
 }
 }
@@ -34,7 +34,7 @@ connections {
 remote {
 auth = pubkey
 cacerts = salesCert.pem
- revocation = ifuri
+ revocation = ifuri
 }
 children {
 venus {
@@ -56,11 +56,11 @@ authorities {
 research {
 cacert = researchCert.pem
- ocsp_uris = http://ocsp.strongswan.org:8881
+ ocsp_uris = http://ocsp.strongswan.org:8880
 }
 sales {
 cacert = salesCert.pem
- ocsp_uris = http://ocsp.strongswan.org:8882
+ ocsp_uris = http://ocsp.strongswan.org:8880
 }
 }
diff --git a/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
new file mode 100644
index 0000000000..f0942445c5
--- /dev/null
+++ b/testing/tests/ikev2-multi-ca/ocsp-signers/hosts/winnetou/etc/ca/ocsp/ocsp.cgi
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+cd /etc/ca
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+cat | pki --ocsp --respond \
+ --cacert strongswanCert.pem --index index.txt \
+ --cert ocspCert.pem --key ocspKey.pem \
+ --cacert research/researchCert.pem --index research/index.txt \
+ --cert research/ocspCert.pem --key research/ocspKey.pem \
+ --cacert sales/salesCert.pem --index sales/index.txt \
+ --cert sales/ocspCert.pem --key sales/ocspKey.pem \
+ --lifetime 5 --debug 0
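Review bot: `cd /etc/ca` is unchecked, so if it fails the relative `--cacert`, `--index`, `--cert` and `--key` paths resolve against whatever directory the CGI was started in; `cd /etc/ca || exit 1` placed before the header `echo` lines would fail closed instead. The `Content-type: application/ocsp-response` header is written before `pki` runs, so a failing responder presumably still yields a reply with an empty body, which makes a broken signer harder to spot in the scenario logs. This one script now reads the OCSP signing keys of the strongswan, research and sales CAs, so the account that executes the CGI needs read access to all three; a header comment such as `# Single responder for all three CAs: each --cacert/--index/--cert/--key group belongs to one CA` would document that. The `cat |` in front of `pki` can be dropped, since the command inherits the script's stdin anyway.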