sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity
19,361 Commits 101 Branches 327 Tags
Commit Graph

2125 Commits

Author SHA1 Message Date
Andreas Steffen
c9883d612b testing: Migrated ikev1-algs scenarios to new default plugins 2024-11-22 14:14:52 +01:00
Andreas Steffen
8060541f53 testing: Migrated ikev1 scenarios to new default plugins 2024-11-22 14:14:52 +01:00
Andreas Steffen
4df94b56c0 testing: Distributed openssl-ikev2 scenarios 2024-11-22 14:14:52 +01:00
Andreas Steffen
f766a7ed49 testing: Migrated ikev2-algs scenarios to new default plugins 2024-11-22 14:14:52 +01:00
Andreas Steffen
2099a52618 testing: Migrated ikev2 scenarios to new default plugins 2024-11-22 14:14:52 +01:00
Andreas Steffen
1265d78cac ntru: Remove legacy NTRU key exchange method 2024-11-22 14:05:36 +01:00
Andreas Steffen
8e3a373e18 newhope: Remove legacy Newhope key exchange method 2024-11-22 14:05:36 +01:00
Andreas Steffen
4833f29b15 bliss: Remove legacy BLISS signatures 2024-11-22 14:05:36 +01:00
Tobias Brunner
d14bb3881b botan: Add support for ML-KEM 2024-11-22 14:03:17 +01:00
Tobias Brunner
974f9c37df Use Botan 3.6.1 for tests 
With 3.6.0 support for ML-KEM was added.
 2024-11-22 14:03:17 +01:00
Tobias Brunner
1bb6f1dd73 wolfssl: Add support for ML-KEM 2024-11-22 14:03:17 +01:00
Tobias Brunner
307dea6b5f Use wolfSSL 5.7.4 for tests 
This adds support for ML-KEM etc.
 2024-11-22 14:03:17 +01:00
Tobias Brunner
2b1885b892 testing: Add TKM scenarios with multiple key exchanges 2024-09-19 14:39:13 +02:00
Stefan Berghofer
7975a0cfa4 charon-tkm: Adapt to interface changes to support multiple key exchanges 
Also includes ESA flags.

Co-authored-by: Tobias Brunner <tobias@strongswan.org>
 2024-09-19 14:39:13 +02:00
Tobias Brunner
f3c7e5227c testing: Add ikev2/rw-cert-multi-ke scenario 2024-08-07 16:20:19 +02:00
Tobias Brunner
56b6eeb385 testing: Add ikev2/start-action-start scenario 
This tests the behavior for configs with start_action=start during
reloads of the config (updates/removal).
 2024-07-26 16:56:32 +02:00
Tobias Brunner
07ce6b44c5 testing: Enable IPv6 guest-to-guest communication 
Not sure what changed, but without this setting, ND packets would not
get through to other hosts connected to the same bridge.
 2024-07-26 11:34:44 +02:00
Tobias Brunner
d759bd9efa Use wolfSSL 5.7.2 for tests 2024-07-11 15:57:12 +02:00
Tobias Brunner
c4bce2b79b testing: Enable mgf1 plugin for scenarios where FreeRADIUS uses PSS signatures 
Looks like a cipher suite without DHE was selected previously.

Could be a side-effect of dc1085734f34 ("testing: Remove unnecessary
FreeRADIUS dh_file option as recommended in the log").
 2024-06-26 14:56:22 +02:00
Tobias Brunner
a9ced3ccb4 testing: Fix IP pool scenarios after changing base address 
Fixes: 2b11764b705d ("mem-pool: Adjust the base address if it's the network ID")
 2024-06-26 14:56:22 +02:00
Maxim Uvarov
dd256e730d testing: Enable error code checks for load-testconfig 
Errors in load-testconfig are hidden due to not checking scp
return code and mute all errors. Add -e to trap script on
any errors in this script.

References strongswan/strongswan#2310

Signed-off-by: Maxim Uvarov <muvarov@gmail.com>
 2024-06-26 14:55:52 +02:00
Maxim Uvarov
d8c6fa3b9a testing: Enable sftp subsystem in default sshd_config 
OpenSSH defaults have changed and scp stopped to work with newer versions.
There are 2 options to fix it, either use -O (legacy scp protocol)
with scp, or enable the sftp subsystem in the SSH server config.
This fix uses the second variant.

Closes strongswan/strongswan#2310

Signed-off-by: Maxim Uvarov <muvarov@gmail.com>
 2024-06-26 14:54:38 +02:00
Tobias Brunner
1cbcf198ab testing: Make RADIUS server enforce client identity in certificate's CN 2024-06-17 14:47:11 +02:00
Tobias Brunner
dc1085734f testing: Remove unnecessary FreeRADIUS dh_file option as recommended in the log 2024-06-17 14:47:11 +02:00
Tobias Brunner
84166508f8 Use wolfSSL 5.7.0 for tests 2024-03-22 11:43:39 +01:00
Andreas Steffen
dea8493f3a Version bump to 5.9.14 2024-03-19 11:56:44 +01:00
Andreas Steffen
91f209b878 Version bump to 5.9.14rc1 2024-03-13 20:24:54 +01:00
Andreas Steffen
6f8275abab testing: Added RFC4806 tests 2024-03-13 15:11:00 +01:00
Andreas Steffen
f566a85fcf Version bump to 5.9.14dr1 2024-02-22 15:51:24 +01:00
Tobias Brunner
b7fdc10a3c Use Botan 3.3.0 for tests 2024-02-22 13:49:46 +01:00
Tobias Brunner
7550463d51 Replace some other mentions of "Linux strongSwan" 2023-12-14 11:27:19 +01:00
Andreas Steffen
c8ef91c786 Version bump to 5.9.13 2023-12-01 07:26:22 +01:00
Andreas Steffen
04794e703d Version bump to 5.9.13rc1 2023-11-25 17:16:59 +01:00
Andreas Steffen
11dbc8e7f2 Version bumpt to 5.9.12 2023-11-20 12:10:34 +01:00
Andreas Steffen
02a4c8cfa9 Version bump to 5.9.12rc1 2023-11-14 08:12:00 +01:00
Tobias Brunner
801c6c32e5 testing: Use a single OCSP responder for ikev2-multi-ca/ocsp-signers scenario 
This demonstrates the multi-CA capabilities of the pki --ocsp command.
 2023-11-13 12:50:47 +01:00
Tobias Brunner
c10a13589e testing: Use pki --ocsp as OCSP responder 
The only exception is the ikev2/ocsp-no-signer-cert scenario as the
pki command won't sign an OCSP response with a certificate that isn't
the CA certificate or marked as an OCSP signer.
 2023-11-13 12:50:47 +01:00
Tobias Brunner
eda91911fa Use wolfSSL 5.6.4 for tests 2023-11-03 09:28:51 +01:00
Andreas Steffen
51872a0a0c Version bump to 5.9.12dr2 2023-10-30 22:42:55 +01:00
Tobias Brunner
578b561a22 Use Botan 3.2.0 for tests 
This includes a change that allows checking EC keys for explicit
param encoding.
 2023-10-13 09:10:46 +02:00
Andreas Steffen
7dfb88ead2 Version bump to 5.9.12dr2 2023-10-04 08:15:54 +02:00
Tobias Brunner
5005c2e4ab testing: Use pip from venv to download dependencies 
pip3 isn't installed in the base image anymore since 21bf3e41f94a
("testing: Use venv for strongTNC").
 2023-08-28 17:49:26 +02:00
Tobias Brunner
36b1a6d76c Use Botan 3.1.1 for tests 
The all-zero Ed25519 public key is rejected by botan_pubkey_check_key()
when the key is loaded.

Note that Botan 3 requires GCC 11 or CLANG 14, i.e. can't easily be built
on Debian bullseye or Ubuntu 20.04.

The thread-local storage function gets flagged via various botan FFI
functions when using Botan 3, whitelist that instead of all of them.
 2023-07-26 13:09:22 +02:00
Tobias Brunner
4ba857930c testing: Format total time in a more readable way 2023-07-26 13:06:40 +02:00
Tobias Brunner
99bd7ca2fd testing: Change memory allocation for alice and winnetou and switch to MiB 
The services running on alice seem to require a bit more memory with
Debian bookworm, so increase the memory allocation.  But at the same
time reduce winnetou's allocation by the same amount as it really doesn't
require that much memory.

The unit change makes it easier to read.
 2023-07-20 15:59:49 +02:00
Tobias Brunner
732909ce1e testing: Hardcode /testresults mount point in winnetou's fstab 
Because do-tests runs the restore-defaults script, fstab would get reset
to the default version and the mount point wouldn't be available anymore
after stopping and restarting the guests (unless the guest images were
rebuilt in between).
 2023-07-20 15:59:21 +02:00
Tobias Brunner
872781734d testing: Copy guest-specific files after default files 
This allows overriding some files per guest.
 2023-07-20 15:59:21 +02:00
Tobias Brunner
79ad33bfba testing: Use Debian 12 (bookworm) 2023-07-13 12:41:51 +02:00
Tobias Brunner
043e10ebb8 testing: Use Debian bookworm to test TKM 2023-07-13 12:41:51 +02:00
Tobias Brunner
dee9bfb682 testing: Update TKM dependencies to fix compilation with newer GNAT versions 2023-07-13 10:48:53 +02:00