Annotation of embedaddon/strongswan/testing/tests/ikev2/ocsp-strict-ifuri/description.txt, revision 1.1
Revision 1.1 (misho):

This scenario tests the <b>strictcrlpolicy=ifuri</b> option, which enforces a
strict CRL policy for a given CA if at least one OCSP or CRL URI is known
for this CA at the time of the certificate trust path verification.
On the gateway <b>moon</b>, two different Intermediate CAs control the access
to the hosts <b>alice</b> and <b>venus</b>. Access to <b>alice</b> is granted
to users presenting a certificate issued by the Research CA, whereas <b>venus</b>
can only be reached with a certificate issued by the Sales CA.
<p>
The roadwarrior <b>carol</b> has a certificate from the Research CA which does not
contain any URIs. Therefore a strict CRL policy is <b>not</b> enforced and the
connection setup succeeds, although the certificate status is unknown.
</p>
<p>
The roadwarrior <b>dave</b> has a certificate from the Sales CA which contains
a single OCSP URI, but this URI is not resolvable. Because the URI is known,
a strict CRL policy is enforced and the unknown certificate status causes the
connection setup to fail.
</p>
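The decision described above, written out as an added example (a simplified model, not strongSwan code and not part of the original test files). It goes one step beyond the page by also running the two roadwarriors under the other strictcrlpolicy values, yes and no; the OCSP URI and the rule that a revoked certificate is always rejected are assumptions of the model.

```python
from enum import Enum


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"  # no fresh OCSP/CRL answer could be obtained


def strict_enforced(policy, known_uris):
    """Return True if a strict CRL policy applies to a CA with these URIs."""
    if policy == "yes":
        return True
    if policy == "no":
        return False
    if policy == "ifuri":
        # Strict only if at least one OCSP or CRL URI is known for the CA.
        return len(known_uris) > 0
    raise ValueError("unknown strictcrlpolicy value: %r" % policy)


def accept_peer(policy, known_uris, status):
    """Model of the gateway's verdict on a peer certificate."""
    if status is Status.REVOKED:
        return False  # assumption of this model: revoked never passes
    if status is Status.GOOD:
        return True
    # Status unknown: only a non-strict policy lets the peer in (fail-open).
    return not strict_enforced(policy, known_uris)


# Constructed stand-ins for the two roadwarriors in the scenario.
SCENARIO = {
    "carol": {"ca": "Research CA", "uris": [], "status": Status.UNKNOWN},
    "dave": {
        "ca": "Sales CA",
        # Placeholder URI; it stands for the unresolvable OCSP URI.
        "uris": ["http://ocsp.sales.example.invalid"],
        "status": Status.UNKNOWN,
    },
}


def run(policy):
    """Evaluate both peers under one policy setting."""
    return {
        peer: accept_peer(policy, cert["uris"], cert["status"])
        for peer, cert in SCENARIO.items()
    }


if __name__ == "__main__":
    for policy in ("no", "ifuri", "yes"):
        print(policy, run(policy))
```

Under ifuri, carol is accepted with an unverified status purely because no URI is known for her CA, so the setting only gives revocation coverage for CAs whose OCSP or CRL URIs are actually known.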