sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
17,986 Commits 101 Branches 327 Tags
Commit Graph

83 Commits

Author SHA1 Message Date
Tobias Brunner
16fcdb460a charon-tkm: Don't use starter/stroke with charon-tkm anymore 
For the tests, the unused init script that was used before switching to
charon-systemd is repurposed to manage the daemon.
 2021-01-11 15:28:01 +01:00
Andreas Steffen
f3d96b7bc9 Version bump to 5.9.1dr1 2020-10-07 16:54:32 +02:00
Tobias Brunner
d538b22afe testing: Remove deprecated UsePrivilegeSeparation option from sshd_config 2020-09-03 13:34:19 +02:00
Josh Soref
b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner
662574386a testing: Accept LANG and LC_* env variables via SSH on guests 
The client config already includes SendEnv for them.  Without that these
variables currently default to POSIX.
 2019-11-14 16:11:03 +01:00
Tobias Brunner
35392aa869 testing: Use renamed systemd unit 
While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
 2019-04-24 13:57:48 +02:00
Tobias Brunner
35b82000f1 testing: Disable gcrypt plugin for swanctl 
Sometimes swanctl hangs when initializing the plugin and it apparently
gathers entropy.
 2019-03-28 18:16:56 +01:00
Tobias Brunner
7511a6fd9c testing: Install a package via apt-get to get a second SWIMA software event 
This installs tmux and its two dependencies libevent-2.0-5 and libutempter0.
For the tnc/tnccs-20-ev-pt-tls test scenario older, apparently replaced
versions of these packages are entered to the collector.db database, so that
dummy SWID tags for these packages can be requested via SWIMA.
 2018-11-21 14:33:29 +01:00
Tobias Brunner
2e39b1db0a testing: Remove unused/inexistent DSA key from sshd config 2018-11-21 14:32:25 +01:00
Tobias Brunner
a29f70e4fb testing: Use AES-GCM for SSH connections 
RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).

AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).
 2018-10-30 15:06:57 +01:00
Andreas Steffen
04ef28b4df Version bump to 5.7.1 2018-10-01 17:46:17 +02:00
Tobias Brunner
80c9ae4521 testing: Add wrapper for systemctl to collect leaks from charon-systemd 
Similar to the wrapper around `service` added with 71d59af58aea, this
sets the variable only when running the automated tests.
 2018-06-28 16:45:54 +02:00
Matt Selsky
c8f45e4573 testing: Fix typo in sysctl.conf file 
Closes strongswan/strongswan#97.
 2018-04-03 09:55:05 +02:00
Tobias Brunner
ce4aebe00a testing: Configure logging via syslog in strongswan.conf 
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
 2017-11-15 17:24:04 +01:00
Tobias Brunner
d24d26c4bc testing: Disable logging via journal in charon-systemd 
This avoids duplicate log messages as we already log via syslog to get
daemon.log.
 2017-11-15 17:12:09 +01:00
Tobias Brunner
be214cb17e testing: Globally define logging via syslog for charon-systemd 
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
 2017-11-15 17:09:55 +01:00
Tobias Brunner
f058804df8 testing: Move collector.db in tnc/tnccs-20-ev-pt-tls scenario to /etc/db.d 
Also move initialization to the pretest script (it's way faster in the
in-memory database).
 2017-08-07 16:55:45 +02:00
Andreas Steffen
808be1d57f testing: Added tnc/tnccs-20-ev-pt-tls scenario 2017-08-04 19:15:51 +02:00
Tobias Brunner
71d59af58a testing: Add wrapper around service command 
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment.  Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon.  Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
 2017-05-26 16:28:16 +02:00
Tobias Brunner
b2473e94a2 Fixed some typos, courtesy of codespell 2017-05-26 14:44:06 +02:00
Tobias Brunner
4d0795bcef testing: Avoid expiration of allocated SPIs due to low retransmission settings 2017-05-23 18:05:58 +02:00
Andreas Steffen
470e61ae77 testing: strongTNC does not come with django.db any more 2016-12-17 18:09:20 +01:00
Tobias Brunner
d8b2980aa5 testing: Log leaks and fail tests if any are detected 2016-09-20 15:36:14 +02:00
Tobias Brunner
7b879874d7 Revert "testing: Only load selected plugins in swanctl" 
This reverts commit dee01d019ba9743b2784b417155601d10c173a66.

Thanks to 505c31870162 ("leak-detective: Try to properly free
allocations after deinitialization") this is not required anymore.
 2016-07-01 17:35:52 +02:00
Tobias Brunner
dee01d019b testing: Only load selected plugins in swanctl 
The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL).  Some of these allocations are only freed
once the libraries are unloaded.  This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.
 2016-06-20 18:23:45 +02:00
Tobias Brunner
eb25b1a73d testing: Fix expect-connection for tkm tests 
We don't use swanctl there but there is no load statement either.
 2016-06-16 14:35:26 +02:00
Tobias Brunner
5c71cbfa94 testing: Add root to fstab 
This seems to be required for systemd to remount it.
 2016-06-15 16:24:44 +02:00
Tobias Brunner
2b0a6811ab testing: Explicitly enable RC4 in SSH server config 
Newer OpenSSH versions disable this by default because it's unsafe.
Since this is not relevant for our use case we enable it due to its
speed.
 2016-06-15 16:24:44 +02:00
Tobias Brunner
b77e25c381 testing: The expect-connection helper may use swanctl to check for connections 
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
 2015-12-11 18:26:53 +01:00
Tobias Brunner
8713e32435 testing: Only send two retransmits after 1 second each to fail negative tests earlier 2015-11-09 15:18:34 +01:00
Tobias Brunner
9a0871ab94 testing: Add a base strongswan.conf file used by all hosts in all scenarios 
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker).  We don't want these settings to show up in the
configs of the actual scenarios though.
 2015-11-09 15:18:34 +01:00
Tobias Brunner
b7b2f9379d testing: Enable virtio console for guests 
This allows accessing the guests with `virsh console <name>`.

Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.

References #729.
 2014-10-10 19:03:28 +02:00
Andreas Steffen
2721832a45 First swanctl scenario 2014-06-01 21:12:15 +02:00
Andreas Steffen
2382d45b1c Test SWID REST API ins tnc/tnccs-20-pdp scenarios 2014-05-31 21:25:46 +02:00
Tobias Brunner
9942e43dc6 testing: Use installed PTS SQL schema and data instead of local copy 2014-02-12 14:08:34 +01:00
Tobias Brunner
96e8715e32 testing: Use installed SQL schema instead of local copy 2014-02-12 14:08:34 +01:00
Andreas Steffen
d6804e3041 Added missing semicolon in SQL statements 2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb Added Android 4.3.1 to products database table 2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e Added new Android versions to PTS database 2014-02-04 06:59:01 +01:00
Andreas Steffen
eeaa8a2417 Added TPMRA workitem support in PTS database 2014-01-16 01:46:55 +01:00
Andreas Steffen
b891c22aa9 Updated and split data.sql 2013-10-23 00:26:02 +02:00
Andreas Steffen
cae778147a Define aaa.strongswan.org in /etc/hosts 2013-10-11 20:16:59 +02:00
Martin Willi
71d468ec90 testing: Allow AH packets in default INPUT/OUTPUT chains 2013-10-11 10:15:22 +02:00
Andreas Steffen
9b8137fdd3 Added tags table and some tag samples 2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff Added regids table and some sample reqid data 2013-09-02 12:00:47 +02:00
Andreas Steffen
4c961168cc Updated PTS database scheme to new workitems model 2013-07-29 11:41:47 +02:00
Andreas Steffen
9844f240f8 Register packages under Debian 7.0 x86_64 2013-07-04 22:53:41 +02:00
Tobias Brunner
c6e1eda6d0 testing: Set terminal title when logging in via SSH 
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
 2013-05-15 10:35:48 +02:00
Andreas Steffen
0f499f41dc Use attest database in tnc/tnccs-20-os scenario 2013-04-21 16:31:23 +02:00
Reto Buerki
7b702150a0 Add expect-file guest image script 
This script can be used in pretest.dat files to wait until a given file
appears.
 2013-03-19 15:23:50 +01:00