use DNs in tnc/tnccs-20-tls scenario
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 3 Mar 2013 09:47:17 +0000 (10:47 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 3 Mar 2013 09:47:17 +0000 (10:47 +0100)
testing/tests/tnc/tnccs-20-tls/evaltest.dat
testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf
testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf
testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf

index bac7294..40d5e24 100644 (file)
@@ -7,9 +7,9 @@ dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::
 dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
-moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
 moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' with EAP successful::YES
 moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
 moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
index e9b78bc..eece9f2 100644 (file)
@@ -13,7 +13,6 @@ conn %default
 conn home
        left=PH_IP_CAROL
        leftcert=carolCert.pem
-       leftid=carol@strongswan.org
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
index 75d84e2..3620426 100644 (file)
@@ -13,7 +13,6 @@ conn %default
 conn home
        left=PH_IP_DAVE
        leftcert=daveCert.pem
-       leftid=dave@strongswan.org
        leftauth=eap
        leftfirewall=yes
        right=PH_IP_MOON
index 2ffc7e9..0ec9302 100644 (file)
@@ -29,6 +29,6 @@ conn rw-eap
        leftauth=eap-ttls
        leftfirewall=yes
        rightauth=eap-ttls
-       rightid=*@strongswan.org
+       rightid="C=CH, O=Linux strongSwan, OU=*, CN=*"
        rightsendcert=never
        right=%any