testing/tests/ikev2/ocsp-untrusted-cert/description.txt - manifest_repos/strongswan - Git at Google

 By setting <b>revocation = strict</b>, a <b>strict</b> CRL policy is enforced on
 both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
 is checked via the OCSP server <b>winnetou</b> which is sending its <b>self-signed</b>
 OCSP signer certificate.
 <p/>
 <b>carol</b> cannot successfully initiate an IPsec connection to <b>moon</b> since
 the self-signed certificate contained in the OCSP response will not be
 accepted by <b>moon</b>.
	By setting <b>revocation = strict</b>, a <b>strict</b> CRL policy is enforced on
	both roadwarrior <b>carol</b> and gateway <b>moon</b>. The online certificate status
	is checked via the OCSP server <b>winnetou</b> which is sending its <b>self-signed</b>
	OCSP signer certificate.
	<p/>
	<b>carol</b> cannot successfully initiate an IPsec connection to <b>moon</b> since
	the self-signed certificate contained in the OCSP response will not be
	accepted by <b>moon</b>.