strongSwan KVM Tests / ikev2 / ocsp-no-signer-cert

Test ikev2/ocsp-no-signer-cert

Description

By setting revocation = strict, a strict CRL policy is enforced on both roadwarrior carol and gateway moon. The online certificate status is checked via the OCSP server winnetou, which sends a normal host certificate that does not contain an OCSPSigning extended key usage flag. As a consequence, the OCSP signing certificate is not accepted and the connection setup is aborted.
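The acceptance rule this test exercises, as an added Python example that is not strongSwan code: a delegated OCSP responder certificate is accepted only if it was issued by the CA and its ExtendedKeyUsage extension lists id-kp-OCSPSigning (RFC 6960). The function names and the sample extension bytes are constructed for illustration, and signature and chain checks are assumed to happen elsewhere.

```python
OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning (RFC 6960)

def read_tlv(buf, pos):
    """Read one short-form DER TLV at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:  # long-form lengths are not needed for a short EKU list
        raise ValueError("long-form DER length not supported in this example")
    if pos + 2 + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def decode_oid(content):
    """Turn the content octets of a DER OBJECT IDENTIFIER into dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for octet in content:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the end of a subidentifier
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one subidentifier
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def parse_eku(ext_value):
    """Return the key purpose OIDs in an ExtendedKeyUsage extension value."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("ExtendedKeyUsage must be a single SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, content, pos = read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        oids.append(decode_oid(content))
    return oids

def responder_authorized(eku_value, issued_by_ca, is_ca_itself=False):
    """Accept the CA itself, or a CA-issued certificate carrying OCSPSigning."""
    if is_ca_itself:
        return True
    return bool(issued_by_ca) and eku_value is not None and OCSP_SIGNING in parse_eku(eku_value)

# Constructed sample extension values, not taken from the test certificates.
HOST_EKU = bytes.fromhex("300a06082b06010505070301")       # serverAuth only
RESPONDER_EKU = bytes.fromhex("300a06082b06010505070309")  # OCSPSigning
```

Passing None for eku_value models a certificate with no ExtendedKeyUsage extension at all, which is rejected the same way as one that lists only other purposes.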
