delay OCSP response by 5 seconds
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 20 Mar 2007 04:35:16 +0000 (04:35 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 20 Mar 2007 04:35:16 +0000 (04:35 -0000)
testing/tests/ikev2/ocsp-timeouts/description.txt
testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi [new file with mode: 0755]

index 3e29fe4..9ee5db9 100644 (file)
@@ -3,4 +3,8 @@ and tests the timeouts of the <b>libcurl</b> library used for http-based OCSP fe
 by adding an ocspuri2 in <b>moon</b>'s strongswan ca section that cannot be resolved by
 <b>DNS</b> and an ocspuri2 in <b>carol</b>'s strongswan ca section on which no
 OCSP server is listening. Thanks to timeouts the connection can nevertheless
-be established successfully. 
+be established successfully by contacting a valid OCSP URI contained in
+<b>carol</b>'s certificate.
+<p>
+As an additional test the OCSP response is delayed by 5 seconds in order to check
+the correct handling of retransmitted IKE_AUTH messages.
diff --git a/testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-timeouts/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
new file mode 100755 (executable)
index 0000000..92aa920
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /etc/openssl
+
+echo "Content-type: application/ocsp-response"
+echo ""
+
+# simulate a delayed response
+sleep 5 
+
+/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+                      -rkey ocspKey.pem -rsigner ocspCert.pem \
+                     -nmin 5 \
+                     -reqin /dev/stdin -respout /dev/stdout