This scenario is based on ikev2/ocsp-signer-cert and tests the timeouts of the libcurl library used for http-based OCSP fetching by adding an ocspuri2 in moon's strongswan ca section that cannot be resolved by DNS and an ocspuri2 in carol's strongswan ca section on which no OCSP server is listening. Thanks to timeouts the connection can nevertheless be established successfully by contacting a valid OCSP URI contained in carol's certificate.
As an additional test the OCSP response is delayed by a few seconds in order to check the correct handling of retransmitted IKE_AUTH messages.