Stefan Berghofer
7975a0cfa4
charon-tkm: Adapt to interface changes to support multiple key exchanges
...
Also includes ESA flags.
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2024-09-19 14:39:13 +02:00
Tobias Brunner
3a52fc83f8
testing: Load kdf plugin in all scenarios that require it
...
Once we use plugin-provided prf+() these won't work otherwise.
2022-04-14 19:02:48 +02:00
Andreas Steffen
0d43b39931
testing: extended sleep time tkm/xfrmproxy tests
2021-02-12 09:44:00 +01:00
Tobias Brunner
16fcdb460a
charon-tkm: Don't use starter/stroke with charon-tkm anymore
...
For the tests, the unused init script that was used before switching to
charon-systemd is repurposed to manage the daemon.
2021-01-11 15:28:01 +01:00
Adrian-Ken Rueegsegger
a0a0571bd1
charon-tkm: Reverse cert chain processing order
...
Verify certificate chains starting from the root CA certificate and
moving towards the leaf/user certificate.
Also update TKM-RPC and TKM in testing scripts to version supporting the
reworked CC handling.
2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger
eccca505aa
testing: Use multi-CA aware TKM
...
Also add CA ID to tkm_keymanager command.
2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger
d6cf4a165b
testing: Add CA ID mappings to TKM tests
...
Extend the build-certs-chroot script to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.conf
files.
2021-01-08 17:22:36 +01:00
Andreas Steffen
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
772957778c
charon-tkm: Call esa_reset() when the inbound SA is deleted
...
After a rekeying the outbound SA and policy are deleted immediately, however,
the inbound SA is not removed until a few seconds later, so delayed packets
can still be processed.
This adds a flag to get_esa_id() that specifies the location of the
given SPI.
2017-08-07 10:46:00 +02:00
Tobias Brunner
5163bd4b86
testing: Add tkm/xfrmproxy-rekey scenario
...
Similar to the xfrmproxy-expire scenario but here the TKM host is the
responder to a rekeying.
2017-08-07 10:44:05 +02:00