sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
18,539 Commits 101 Branches 327 Tags
Commit Graph

77 Commits

Author SHA1 Message Date
Tobias Brunner
3a52fc83f8 testing: Load kdf plugin in all scenarios that require it 
Once we use plugin-provided prf+() these won't work otherwise.
 2022-04-14 19:02:48 +02:00
Andreas Steffen
f0935a63ed testing: Optimized plugin use in pkcs8 scenarios 2021-10-23 11:44:15 +02:00
Andreas Steffen
9c7288d6f1 testing: Minimum required plugins for net2net-pkcs12 scenarios 2021-10-22 11:39:20 +02:00
Andreas Steffen
8cc89b505e testing: Correctly remove pkcs8 key after test case 2021-10-18 11:45:31 +02:00
Andreas Steffen
cc4338267e testing: Added openssl-ikev2/net2net-sha3-rsa-cert scenario 2021-06-03 14:20:06 +02:00
Andreas Steffen
b213204b3b testing: Updated build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen
cfeae14b06 testing: Deleting dynamic test keys and certificates 2019-05-08 14:56:48 +02:00
Andreas Steffen
8db01c6a3f testing: Script building fresh certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner
35392aa869 testing: Use renamed systemd unit 
While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
 2019-04-24 13:57:48 +02:00
Andreas Steffen
440e6a03c1 testing: Migrated openssl-ikev2/net2net-pkcs12 scenario to swanctl 2018-11-12 13:46:16 +01:00
Andreas Steffen
836e870912 testing: Removed openssl-ikev2/rw-eap-tls-only scenario 2018-11-12 12:41:11 +01:00
Andreas Steffen
280cf56411 testing: Removed openssl-ikev2/net2net-pgp-v3 scenario 2018-11-12 12:35:37 +01:00
Andreas Steffen
e259ff3979 testing: migrated openssl-ikev2/critical-extension to swanctl 2018-11-12 11:50:05 +01:00
Andreas Steffen
97493cbe17 testing: Migrated openssl/rw-cert scenario to swanctl 2018-11-09 21:45:12 +01:00
Andreas Steffen
6617341390 testing: Migrated openssl-ikev2/ecdsa-pkcs8 scenario to swanctl 2018-11-09 16:38:33 +01:00
Andreas Steffen
6ea531d926 testing: Migrated openssl brainpool scenarios to swanctl 2018-11-09 15:00:26 +01:00
Andreas Steffen
1cab8ed5f8 testing: Migrated openssl alg-ecp-low scenarios to swanctl 2018-11-09 12:42:14 +01:00
Andreas Steffen
21735750df testing: Migrated openssl alg-ecp-high scenarios 2018-11-09 11:52:59 +01:00
Andreas Steffen
a4c085978c testing: Migrated openssl alg-camellia scenarios to swanctl 2018-11-09 10:02:26 +01:00
Andreas Steffen
873a6ab0ef testing: Removed openssl alg-aes-gcm and alg-blowfish scenarios 2018-11-08 21:28:19 +01:00
Andreas Steffen
fcaa081825 testing: Removed openssl suite B scenarios 2018-11-08 21:23:10 +01:00
Andreas Steffen
99b66151fd testing: Moved openssl ecdsa-certs scenarios to swanctl 2018-11-08 21:16:32 +01:00
Andreas Steffen
295493f46f testing: Renewed ECDSA certificates 2018-06-13 17:07:25 +02:00
Tobias Brunner
ce4aebe00a testing: Configure logging via syslog in strongswan.conf 
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
 2017-11-15 17:24:04 +01:00
Andreas Steffen
88b941939f testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenario 2017-07-08 23:19:18 +02:00
Andreas Steffen
99c03e9a11 testing: make curve25519 the default DH group 2016-11-14 16:20:51 +01:00
Tobias Brunner
aacf84d837 testing: Add expect-connection calls for all tests and hosts 
There are some exceptions (e.g. those that use auto=start or p2pnat).
 2016-06-16 14:35:18 +02:00
Tobias Brunner
8f56bbc82b testing: Update test scenarios for Debian jessie 
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.

tcpdump now also reports port 4500 as ipsec-nat-t.
 2016-06-16 14:04:11 +02:00
Andreas Steffen
5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Tobias Brunner
f519acd42f testing: Remove nearly all sleep calls from pretest and posttest scripts 
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
 2015-11-09 15:18:35 +01:00
Tobias Brunner
f36b6d49af testing: Adapt tests to retransmission settings and reduce DPD delay/timeout 2015-11-09 15:18:34 +01:00
Andreas Steffen
d04e47a9eb testing: Wait for DH crypto tests to complete 2015-04-26 11:51:49 +02:00
Tobias Brunner
53217d70b0 testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario 2015-03-04 13:54:12 +01:00
Tobias Brunner
4aa24d4c13 testing: Update test conditions because signature schemes are now logged 
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
 2015-03-04 13:54:10 +01:00
Andreas Steffen
006518e859 The critical-extension scenarios need the old private keys 2014-10-05 20:58:03 +02:00
Tobias Brunner
09f1fb82f9 testing: Update PKCS#12 containers 2014-10-03 12:44:13 +02:00
Martin Willi
44b6a34d43 configure: Load fetcher plugins after crypto base plugins 
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.

We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
 2014-09-24 17:34:54 +02:00
Andreas Steffen
96e3142c39 Test TLS AEAD cipher suites 2014-04-01 10:12:15 +02:00
Andreas Steffen
07e7cb146f Added openssl-ikev2/net2net-pgp-v3 scenario 2014-03-22 09:55:03 +01:00
Andreas Steffen
c683b389ba Merged libstrongswan options into charon section 2014-03-15 14:07:34 +01:00
Andreas Steffen
7967876257 Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios 2013-10-30 20:46:32 +01:00
Andreas Steffen
2efe61e07b Added two Brainpool IKEv2 scenarios 2013-10-23 21:11:28 +02:00
Andreas Steffen
1486fe786a Use bold font to display key size 2013-10-11 21:23:10 +02:00
Tobias Brunner
9e7a45bec2 testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios 
Certificates are now properly extracted from PKCS#12 files.
 2013-07-15 11:27:07 +02:00
Andreas Steffen
9e0182b922 openssl plugin can replace random, hmac, and gcm plugins 2013-07-10 20:38:07 +02:00
Andreas Steffen
3910fb3715 Added openssl-ikev2/net2net-pkcs12 scenario 2013-07-10 20:25:49 +02:00
Andreas Steffen
b1f1e5e5f2 5.1.0 changes for test cases 2013-06-29 00:07:15 +02:00
Andreas Steffen
1b912ad384 check for successful activation of FIPS mode 2013-04-19 18:46:52 +02:00
Andreas Steffen
545df30c18 Added openssl-ikev2/rw-cpa scenario 2013-04-19 18:34:35 +02:00
Andreas Steffen
f7580a5a67 added openssl-ikev2/alg-aes-gcm scenario 2013-03-03 11:43:52 +01:00