Add test case for authentication with locally stored peer certificates.
authortobhe <tobhe@openbsd.org>
Tue, 7 Dec 2021 17:26:14 +0000 (17:26 +0000)
committertobhe <tobhe@openbsd.org>
Tue, 7 Dec 2021 17:26:14 +0000 (17:26 +0000)
regress/sbin/iked/live/Makefile

index 9710025..69ad27a 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.32 2021/12/05 20:21:14 tobhe Exp $
+#      $OpenBSD: Makefile,v 1.33 2021/12/07 17:26:14 tobhe Exp $
 
 # Copyright (c) 2020 Tobias Heider <tobhe@openbsd.org>
 #
@@ -208,16 +208,21 @@ cleanup:
            rm -f /tmp/pf.conf; pfctl -d; pfctl -f /etc/pf.conf;'
 
 setup_certs: ca-both.crt left-from-ca-both.crt left.key right-from-ca-both.crt \
-    right.key ca-left.crt right-from-ca-left.crt ca-right.crt left-from-ca-right.crt
+    right.key ca-left.crt right-from-ca-left.crt ca-right.crt left-from-ca-right.crt \
+    ca-none.crt left-from-ca-none.crt right-from-ca-none.crt
        echo "cd /etc/iked\n \
            put left-from-ca-both.crt certs\n \
            put left-from-ca-right.crt certs\n \
+           put left-from-ca-none.crt certs\n \
+           put right-from-ca-none.crt certs\n \
            put left.key private/local.key\n \
            put ca-left.crt ca\n \
            put ca-both.crt ca\n" | sftp ${LEFT_SSH} -q; \
        echo "cd /etc/iked\n \
            put right-from-ca-both.crt certs\n \
            put right-from-ca-left.crt certs\n \
+           put right-from-ca-none.crt certs\n \
+           put left-from-ca-none.crt certs\n \
            put right.key private/local.key\n \
            put ca-right.crt ca\n \
            put ca-both.crt ca\n" | sftp ${RIGHT_SSH} -q; \
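Review bot: Nothing in `setup_certs` says that `ca-none.crt` is deliberately left out of the `put ... ca` lines, so the new `put left-from-ca-none.crt certs` and `put right-from-ca-none.crt certs` lines read like a forgotten CA upload rather than the point of the test. A comment above the rule would make the trust model explicit, e.g. `# ca-none.crt is never installed in ca/: the *-from-ca-none certs are trusted only because they are stored in certs/ on both peers`. Because this target is shared setup, the pinned peer certificates presumably stay in `/etc/iked/certs` for every other regress target too. It is worth confirming that no test meant to exercise CA validation can now succeed through the stored-certificate path instead. The recipe continues past the end of the hunk.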
@@ -261,6 +266,15 @@ ca-right.crt ca-right.key:
 left-from-ca-right.crt left.key: ca-right.crt ca-right.key
        caname=ca-right; name=left; ${SETUP_CERT}
 
+ca-none.crt ca-none.key:
+       caname=ca-none; ${SETUP_CA}
+
+left-from-ca-none.crt left.key: ca-none.crt ca-none.key
+       caname=ca-none; name=left; ${SETUP_CERT}
+
+right-from-ca-none.crt right.key: ca-none.crt ca-none.key
+       caname=ca-none; name=right; ${SETUP_CERT}
+
 REGRESS_TARGETS = run-ping-fail
 run-ping-fail:
        ssh ${LEFT_SSH} "ipsecctl -F; pkill iked || true"
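Review bot: `left.key` and `right.key` become targets of one more rule with its own recipe (`left-from-ca-none.crt left.key:`), next to the existing `left-from-ca-right.crt left.key:` rule at the top of this hunk, so which recipe make runs for the key depends on how it handles duplicate targets. `SETUP_CERT` is defined outside the hunk; if it writes `$name.key` on each run, a certificate issued earlier would no longer match the `private/local.key` that `setup_certs` uploads. Consider giving each key a single rule of its own and listing it as a prerequisite, e.g. `left-from-ca-none.crt: ca-none.crt ca-none.key left.key`. `ca-none.key` is also a CA private key written to the working directory, so it is worth checking that the clean rule (not visible here) removes it with the other generated keys.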
@@ -286,6 +300,15 @@ run-cert-single-ca-asn1dn:
        flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
        ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
 
+REGRESS_TARGETS += run-cert-no-ca
+run-cert-no-ca:
+       leftid=left-from-ca-none; \
+       rightid=right-from-ca-none; \
+           ${SETUP_CONFIGS}
+       ${SETUP_START}
+       flowtype=esp; ${TEST_FLOWS}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+       ${TEST_PING}; if [[ $$_ret -ne 0 ]]; then exit 1; fi
+
 REGRESS_TARGETS += run-config-address
 run-config-address:
        flowtype=esp; \
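Review bot: `run-cert-no-ca` only checks the accepting path, so it would also pass if iked accepted any certificate issued by an unknown CA. A companion target that expects failure would pin the security property: the same `leftid=left-from-ca-none; rightid=right-from-ca-none` setup with the peer certificate absent from `/etc/iked/certs` on one side, asserting that the flow and ping checks do not succeed (the existing `run-ping-fail` target may show the idiom). A one-line comment above the target, such as `# Peers authenticate with certs stored in certs/; the issuing CA is not in ca/`, would also help, since the name alone suggests certificates with no CA at all.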