sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-12-08 00:00:29 -05:00
Code Issues Projects Releases Wiki Activity
17,528 Commits 104 Branches 331 Tags
Commit Graph

1835 Commits

Author SHA1 Message Date
Tobias Brunner
0d84b32e82 testing: Add Linux 5.8 kernel config 
Enables TCP encap for ESP.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
5747ec4eae testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG 
Newer versions of systemd etc. seem to require quite a lot of entropy
from /dev/random while booting, which can block and therefore delay the
start of other services (in particular sshd) by more than a minute.
Using the host's /dev/urandom via VirtIO RNG, we can avoid blocking the
guests.

The required kernel options are added for kernel versions 5.4+.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
ad7d712cb5 testing: Support build with Debian buster base image 2020-09-03 13:33:32 +02:00
Andreas Steffen
2205c75bad Version bump to 5.9.0 2020-07-29 13:08:09 +02:00
Andreas Steffen
2eec7efd46 Version bump to 5.9.0rc1 2020-07-21 22:43:36 +02:00
Tobias Brunner
59455137b4 Use Botan 2.15.0 for tests 2020-07-20 16:58:03 +02:00
Tobias Brunner
f2d240954a testing: Skip tests with missing files, don't abort the test run 
This allows simple test configs in testing/tests/local that are no
actual test cases.
 2020-06-23 16:24:18 +02:00
Andreas Steffen
d470422974 Version bump to 5.9.0dr2 2020-06-14 12:15:44 +02:00
Tobias Brunner
84bce03a64 testing: Fix SQL scenarios after preferring AEAD for ESP 
sql/net2net-route|start-pem seem to be the only ones that configure a
proposal via database.
 2020-06-12 13:45:58 +02:00
Tobias Brunner
4261f915d6 testing: Fix ikev2/net2net-fragmentation scenario 
The IKE_AUTH message from moon is now larger because of the AEAD proposal.
 2020-06-12 13:45:58 +02:00
Andreas Steffen
12e4dbb231 Version bump to 5.9.0dr1 2020-06-06 15:02:42 +02:00
Tobias Brunner
e0b1b12028 Use Botan 2.14.0 for tests 
Requires at least GCC 5.0 to build with `--amalgamation`, so it's
disabled for our Ubuntu 16.04 build.
 2020-04-07 16:37:27 +02:00
Andreas Steffen
3273667b0b Version bump to 5.8.4 2020-03-29 12:49:52 +02:00
Andreas Steffen
0728387ea9 Version bump to 5.8.3 2020-03-24 16:01:04 +01:00
Andreas Steffen
c88a4996fa Version bump to 5.8.3rc1 2020-03-19 08:43:10 +01:00
Andreas Steffen
68e8fedccb Version bump to 5.8.3dr1 2020-03-04 22:27:13 +01:00
Josh Soref
b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner
b0b928dd0a Use Botan 2.13.0 for tests 2020-01-16 08:30:47 +01:00
Andreas Steffen
e5f18a46b7 Version bump to 5.8.2 2019-12-17 14:30:41 +01:00
Andreas Steffen
b9eade0ca2 Version bump to 5.8.2rc2 2019-12-16 22:11:43 +01:00
Andreas Steffen
c2d6ac1124 Version bump to 5.8.2rc1 2019-12-07 23:06:22 +01:00
Martin Willi
f95d512251 testing: Use identity based CA restrictions in rw-hash-and-url-multi-level 
This is a prominent example where the identity based CA constraint is
benefical. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing a OU=Research.

By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.
 2019-12-06 10:07:47 +01:00
Andreas Steffen
ccaedf8761 Version bump to 5.8.2dr2 2019-11-26 22:36:55 +01:00
Tobias Brunner
91dabace11 testing: Add scenario with hash-and-URL encoding for intermediate CA certificates 2019-11-26 11:12:26 +01:00
Tobias Brunner
29b4b2e8e2 testing: Import sys in Python updown script 2019-11-21 16:57:25 +01:00
Tobias Brunner
662574386a testing: Accept LANG and LC_* env variables via SSH on guests 
The client config already includes SendEnv for them.  Without that these
variables currently default to POSIX.
 2019-11-14 16:11:03 +01:00
zhangkaiheb@126.com
a5b3c62091 testing: Remove unused connection definition in ikev2/force-udp-encaps 2019-11-07 11:35:43 +01:00
zhangkaiheb@126.com
9d8d85f23c testing: Fix SHA description in ikev*/esp-alg-null scenarios 2019-11-07 11:33:09 +01:00
Andreas Steffen
4f4e026d3b Version bump to 5.8.2dr1 2019-10-18 16:26:41 +02:00
Andreas Steffen
f05e9eebb0 testing: Added drbg plugin where required 2019-10-18 16:24:39 +02:00
Tobias Brunner
9cc24ca39e Use Botan 2.12.1 for tests 2019-10-14 11:43:58 +02:00
Tobias Brunner
0736882678 Use Botan 2.12.0 for tests 2019-10-07 14:31:40 +02:00
Andreas Steffen
1e38151b30 Version bump to 5.8.1 2019-09-02 14:39:16 +02:00
Andreas Steffen
7cfe85cc85 Version bump to 5.8.1rc2 2019-08-29 11:15:18 +02:00
Andreas Steffen
d2b771203f Version bump to 5.8.1rc1 2019-08-28 16:38:40 +02:00
Tobias Brunner
17c9972252 Fixed some typos, courtesy of codespell 2019-08-28 14:03:41 +02:00
Tobias Brunner
b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
Tobias Brunner
de07b77442 Use Botan 2.11.0 for tests 2019-07-02 11:35:21 +02:00
Andreas Steffen
ab1aa03bf5 Version bump to 5.8.1dr1 2019-06-26 17:32:33 +02:00
Andreas Steffen
55dd0361b8 Version bump to 5.8.0 2019-05-20 12:31:08 +02:00
Andreas Steffen
74ac0c9efd Version bump to 5.8.0rc1 2019-05-10 12:55:48 +02:00
Andreas Steffen
47879ca638 testing: Use strongswan systemd service 2019-05-10 12:55:09 +02:00
Andreas Steffen
6d8e6ec61b testing: Load PEM keys in ikev2/net2-net-rsa scenario 2019-05-10 12:54:28 +02:00
Andreas Steffen
c9d898c9f4 testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario 2019-05-10 12:53:33 +02:00
Tobias Brunner
27f6d37544 testing: Return an error if any command in the certificate build script fails 2019-05-08 14:56:48 +02:00
Tobias Brunner
d3f678c08f testing: Build certificates before guests after building strongSwan 
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
 2019-05-08 14:56:48 +02:00
Tobias Brunner
287149cbf9 testing: Automatically build guest images after generating certificates 
This (re-)generates the CRLs on winnetou.
 2019-05-08 14:56:48 +02:00
Tobias Brunner
ac66ca25f9 testing: Use custom plugin configuration to build SHA-3 CA 2019-05-08 14:56:48 +02:00
Tobias Brunner
21280da9f5 testing: Fix ikev2/net2net-rsa scenario 2019-05-08 14:56:48 +02:00
Tobias Brunner
da8e33f3ca testing: Add wrapper script to build certificates in root image 
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
 2019-05-08 14:56:48 +02:00