sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-04 00:00:51 -05:00
Code Issues Projects Releases Wiki Activity
13,405 Commits 103 Branches 331 Tags
Commit Graph

1280 Commits

Author SHA1 Message Date
Martin Willi
44b6a34d43 configure: Load fetcher plugins after crypto base plugins 
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.

We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
 2014-09-24 17:34:54 +02:00
Tobias Brunner
0bf2abf182 testing: Use multiple jobs to install strongSwan 2014-09-19 13:37:59 +02:00
Tobias Brunner
82136aa2cf testing: Add a script to build the current (or an arbitrary) source tree 
This allows to (relatively) quickly (re-)build and install the current
or an arbitrary strongSwan source tree within the root image.

bindfs is used to bind mount the source directory using the regular user
and group (only works if sudo is used to run the script) so that newly
created files are not owned by root.

As with building the root image in general the guests must not be
running while executing this script.  The guest images are automatically
rebuilt after the root image has been updated so configuration files and
other modifications in guests will be lost.
 2014-09-19 13:37:59 +02:00
Tobias Brunner
f376503f41 testing: Add packages to rebuild strongSwan from the repository 2014-09-19 13:37:59 +02:00
Tobias Brunner
ffcf8f4ea2 testing: Make strongSwan build recipe more configurable 2014-09-19 13:37:59 +02:00
Reto Buerki
e0d59e10f8 testing: Update certs and keys in tkm tests 
References #705.
 2014-09-17 17:08:35 +02:00
Reto Buerki
1004d395f5 testing: Update x509-ada version to 0.1.1 
Fixes #705.
 2014-09-17 17:07:29 +02:00
Andreas Steffen
51da5b920b Generated new test certificates 2014-08-28 21:34:40 +02:00
Tobias Brunner
6095714e64 testing: Make sure the kernel exists when starting 2014-08-25 10:58:46 +02:00
Andreas Steffen
4ccfc879b5 Updated URL to swidGenerator in recipe 2014-07-09 15:08:18 +02:00
Andreas Steffen
cac71ff00c Update KVM test framework to 3.15 guest kernel 2014-06-27 10:07:27 +02:00
Tobias Brunner
be41910e19 testing: Add sql/shunt-policies-nat-rw scenario 2014-06-26 18:13:26 +02:00
Tobias Brunner
73211f9b74 testing: Add pfkey/shunt-policies-nat-rw scenario 2014-06-26 18:13:26 +02:00
Tobias Brunner
945e1df738 testing: Remove obsolete shunt-policies scenarios 2014-06-26 18:12:00 +02:00
Andreas Steffen
75598e5053 Updated description of TNC scenarios concerning RFC 7171 PT-EAP support 2014-06-26 09:47:03 +02:00
Andreas Steffen
21aebe3781 Removed django.db from swid scenarios 2014-06-26 09:45:54 +02:00
Tobias Brunner
2ef6f57456 testing: Add ikev2/shunt-policies-nat-rw scenario 2014-06-19 14:23:07 +02:00
Tobias Brunner
d93987ce24 testing: Remove ikev2/shunt-policies scenario 
This scenario doesn't really apply anymore (especially its use of drop
policies).
 2014-06-19 14:23:07 +02:00
Andreas Steffen
d345f0b75d Added swanctl/net2net-route scenario 2014-06-18 14:57:33 +02:00
Andreas Steffen
3f5f0b8940 Added swanctl/net2net-start scenario 2014-06-18 14:35:59 +02:00
Andreas Steffen
4402bae77d Minor changes in swanctl scenarios 2014-06-18 14:35:36 +02:00
Andreas Steffen
ed42874645 Added swanctl --list-pols and swanctl --stats do scenario log 2014-06-18 13:16:18 +02:00
Tobias Brunner
d6f0372daf testing: Delete accidentally committed test cases 2014-06-18 09:38:53 +02:00
Andreas Steffen
39d6469d76 Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios 2014-06-14 15:40:23 +02:00
Andreas Steffen
3eb22f1f00 Single-line --raw mode simplifies evaltest of swanctl scenarios 2014-06-14 15:40:23 +02:00
Andreas Steffen
12d618e280 Added swanctl/ip-pool-db scenario 2014-06-11 18:12:35 +02:00
Andreas Steffen
cda2a1e4dc Updated strongTNC configuration 2014-06-11 18:12:34 +02:00
Andreas Steffen
d643f2cf91 Added swanctl/ip-pool scenario 2014-06-10 16:48:16 +02:00
Andreas Steffen
c621847395 Added swanctl/rw-cert scenario 2014-06-10 16:48:15 +02:00
Andreas Steffen
b09016377a Define default swanctl credentials in hosts directory 2014-06-10 16:19:00 +02:00
Tobias Brunner
acdcb91e07 testing: Cache packages downloaded with pip for strongTNC 
This way no network connections is required to rebuild the root/guest images.
 2014-06-02 17:45:42 +02:00
Andreas Steffen
2721832a45 First swanctl scenario 2014-06-01 21:12:15 +02:00
Andreas Steffen
2382d45b1c Test SWID REST API ins tnc/tnccs-20-pdp scenarios 2014-05-31 21:25:46 +02:00
Andreas Steffen
2997077bae Migration from Debian 7.4 to 7.5 2014-05-31 20:37:57 +02:00
Andreas Steffen
0f000cdd6c Minor changes in the test environment 2014-05-15 21:30:42 +02:00
Andreas Steffen
8d59090349 Implemented PT-EAP protocol (RFC 7171) 2014-05-12 06:59:21 +02:00
Tobias Brunner
1dfd11fd92 testing: Added pfkey/compress test case 2014-04-24 17:36:17 +02:00
Andreas Steffen
fa6c5f3506 Handle tag separators 2014-04-15 09:28:38 +02:00
Andreas Steffen
edd2ed860f Renewed expired user certificate 2014-04-15 09:28:37 +02:00
Andreas Steffen
9b7f9ab5d2 Updated SWID scenarios 2014-04-15 09:21:06 +02:00
Andreas Steffen
3e7044b45e Implemented segmented SWID tag attributes on IMV side 2014-04-15 09:21:06 +02:00
Andreas Steffen
8c40609f96 Use python-based swidGenerator to generated SWID tags 2014-04-15 09:21:06 +02:00
Andreas Steffen
48f37c448c Make Attestation IMV independent of OS IMV 2014-04-15 09:21:05 +02:00
Andreas Steffen
ab8ed95bfc Fixed pretest script in tnc/tnccs-20-pt-tls scenario 2014-04-04 23:04:54 +02:00
Tobias Brunner
7a61bf9032 testing: Run 'conntrack -F' before all test scenarios 
This prevents failures due to remaining conntrack entries.
 2014-04-02 11:55:05 +02:00
Andreas Steffen
96e3142c39 Test TLS AEAD cipher suites 2014-04-01 10:12:15 +02:00
Andreas Steffen
05eb83e986 Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario 2014-03-31 22:22:58 +02:00
Martin Willi
91d71abb16 revocation: Restrict OCSP signing to specific certificates 
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:

- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint

The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
 2014-03-31 14:40:33 +02:00
Martin Willi
babd848778 testing: Add an acert test that forces a fallback connection based on groups 2014-03-31 11:14:59 +02:00
Martin Willi
1a4d3222be testing: Add an acert test case sending attribute certificates inline 2014-03-31 11:14:59 +02:00