sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
18,613 Commits 101 Branches 327 Tags
Commit Graph

14 Commits

Author SHA1 Message Date
Tobias Brunner
3a52fc83f8 testing: Load kdf plugin in all scenarios that require it 
Once we use plugin-provided prf+() these won't work otherwise.
 2022-04-14 19:02:48 +02:00
Tobias Brunner
16fcdb460a charon-tkm: Don't use starter/stroke with charon-tkm anymore 
For the tests, the unused init script that was used before switching to
charon-systemd is repurposed to manage the daemon.
 2021-01-11 15:28:01 +01:00
Adrian-Ken Rueegsegger
a0a0571bd1 charon-tkm: Reverse cert chain processing order 
Verify certificate chains starting from the root CA certificate and
moving towards the leaf/user certificate.

Also update TKM-RPC and TKM in testing scripts to version supporting the
reworked CC handling.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger
eccca505aa testing: Use multi-CA aware TKM 
Also add CA ID to tkm_keymanager command.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger
d6cf4a165b testing: Add CA ID mappings to TKM tests 
Extend the build-certs-chroot script is to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.con
files.
 2021-01-08 17:22:36 +01:00
Andreas Steffen
cfeae14b06 testing: Deleting dynamic test keys and certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner
8f56bbc82b testing: Update test scenarios for Debian jessie 
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.

tcpdump now also reports port 4500 as ipsec-nat-t.
 2016-06-16 14:04:11 +02:00
Reto Buerki
41e9a261ac testing: Update TKM assert strings 2015-05-05 10:55:14 +02:00
Reto Buerki
8fce649d9a testing: Assert proper ESA deletion 
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
 2015-02-20 13:34:52 +01:00
Martin Willi
44b6a34d43 configure: Load fetcher plugins after crypto base plugins 
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.

We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
 2014-09-24 17:34:54 +02:00
Reto Buerki
e0d59e10f8 testing: Update certs and keys in tkm tests 
References #705.
 2014-09-17 17:08:35 +02:00
Reto Buerki
8416ebb628 charon-tkm: Update integration tests 2013-12-04 10:41:54 +01:00
Reto Buerki
1cfefd38a2 Add type=transport to tkm/host2host-* connections 
Explicitly specify transport mode in connection configuration of the
responding host (sun).
 2013-06-29 15:07:10 +02:00
Reto Buerki
117375ed00 Add initial TKM integration test 
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
 2013-03-19 15:23:50 +01:00