sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity
17,534 Commits 101 Branches 327 Tags
Commit Graph

1841 Commits

Author SHA1 Message Date
Tobias Brunner
dcd8327933 testing: Install vici Python module manually 
easy_install is not included in Debian's python-setuptools package
anymore, so we install it manually using setup.py.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
d9785b36a3 testing: Replace deprecated/removed pip install --download command 
It was deprecated for a while and has been replaced by `pip download`.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
94eebc9c2c testing: Use legacy iptables on Debian buster 
The iptables-nft wrapper that uses the nftables framework can't handle
the CLUSTERIP target (plus we'd require nftables in the kernel).
 2020-09-03 13:34:19 +02:00
Tobias Brunner
5c4ebbdde8 testing: Increase maximum guest image size 
Seems that each Debian release increases the image size by about 200 MiB.
But increase it a bit more so we have room for logs/tools/debug symbols.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
3d1e2c56df testing: Use pkill to reload rsyslogd config/recreate log files 
The PID location changes with newer Debian releases so it's more
portable this way.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
d538b22afe testing: Remove deprecated UsePrivilegeSeparation option from sshd_config 2020-09-03 13:34:19 +02:00
Tobias Brunner
0d84b32e82 testing: Add Linux 5.8 kernel config 
Enables TCP encap for ESP.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
5747ec4eae testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG 
Newer versions of systemd etc. seem to require quite a lot of entropy
from /dev/random while booting, which can block and therefore delay the
start of other services (in particular sshd) by more than a minute.
Using the host's /dev/urandom via VirtIO RNG, we can avoid blocking the
guests.

The required kernel options are added for kernel versions 5.4+.
 2020-09-03 13:34:19 +02:00
Tobias Brunner
ad7d712cb5 testing: Support build with Debian buster base image 2020-09-03 13:33:32 +02:00
Andreas Steffen
2205c75bad Version bump to 5.9.0 2020-07-29 13:08:09 +02:00
Andreas Steffen
2eec7efd46 Version bump to 5.9.0rc1 2020-07-21 22:43:36 +02:00
Tobias Brunner
59455137b4 Use Botan 2.15.0 for tests 2020-07-20 16:58:03 +02:00
Tobias Brunner
f2d240954a testing: Skip tests with missing files, don't abort the test run 
This allows simple test configs in testing/tests/local that are no
actual test cases.
 2020-06-23 16:24:18 +02:00
Andreas Steffen
d470422974 Version bump to 5.9.0dr2 2020-06-14 12:15:44 +02:00
Tobias Brunner
84bce03a64 testing: Fix SQL scenarios after preferring AEAD for ESP 
sql/net2net-route|start-pem seem to be the only ones that configure a
proposal via database.
 2020-06-12 13:45:58 +02:00
Tobias Brunner
4261f915d6 testing: Fix ikev2/net2net-fragmentation scenario 
The IKE_AUTH message from moon is now larger because of the AEAD proposal.
 2020-06-12 13:45:58 +02:00
Andreas Steffen
12e4dbb231 Version bump to 5.9.0dr1 2020-06-06 15:02:42 +02:00
Tobias Brunner
e0b1b12028 Use Botan 2.14.0 for tests 
Requires at least GCC 5.0 to build with `--amalgamation`, so it's
disabled for our Ubuntu 16.04 build.
 2020-04-07 16:37:27 +02:00
Andreas Steffen
3273667b0b Version bump to 5.8.4 2020-03-29 12:49:52 +02:00
Andreas Steffen
0728387ea9 Version bump to 5.8.3 2020-03-24 16:01:04 +01:00
Andreas Steffen
c88a4996fa Version bump to 5.8.3rc1 2020-03-19 08:43:10 +01:00
Andreas Steffen
68e8fedccb Version bump to 5.8.3dr1 2020-03-04 22:27:13 +01:00
Josh Soref
b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner
b0b928dd0a Use Botan 2.13.0 for tests 2020-01-16 08:30:47 +01:00
Andreas Steffen
e5f18a46b7 Version bump to 5.8.2 2019-12-17 14:30:41 +01:00
Andreas Steffen
b9eade0ca2 Version bump to 5.8.2rc2 2019-12-16 22:11:43 +01:00
Andreas Steffen
c2d6ac1124 Version bump to 5.8.2rc1 2019-12-07 23:06:22 +01:00
Martin Willi
f95d512251 testing: Use identity based CA restrictions in rw-hash-and-url-multi-level 
This is a prominent example where the identity based CA constraint is
benefical. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing a OU=Research.

By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.
 2019-12-06 10:07:47 +01:00
Andreas Steffen
ccaedf8761 Version bump to 5.8.2dr2 2019-11-26 22:36:55 +01:00
Tobias Brunner
91dabace11 testing: Add scenario with hash-and-URL encoding for intermediate CA certificates 2019-11-26 11:12:26 +01:00
Tobias Brunner
29b4b2e8e2 testing: Import sys in Python updown script 2019-11-21 16:57:25 +01:00
Tobias Brunner
662574386a testing: Accept LANG and LC_* env variables via SSH on guests 
The client config already includes SendEnv for them.  Without that these
variables currently default to POSIX.
 2019-11-14 16:11:03 +01:00
zhangkaiheb@126.com
a5b3c62091 testing: Remove unused connection definition in ikev2/force-udp-encaps 2019-11-07 11:35:43 +01:00
zhangkaiheb@126.com
9d8d85f23c testing: Fix SHA description in ikev*/esp-alg-null scenarios 2019-11-07 11:33:09 +01:00
Andreas Steffen
4f4e026d3b Version bump to 5.8.2dr1 2019-10-18 16:26:41 +02:00
Andreas Steffen
f05e9eebb0 testing: Added drbg plugin where required 2019-10-18 16:24:39 +02:00
Tobias Brunner
9cc24ca39e Use Botan 2.12.1 for tests 2019-10-14 11:43:58 +02:00
Tobias Brunner
0736882678 Use Botan 2.12.0 for tests 2019-10-07 14:31:40 +02:00
Andreas Steffen
1e38151b30 Version bump to 5.8.1 2019-09-02 14:39:16 +02:00
Andreas Steffen
7cfe85cc85 Version bump to 5.8.1rc2 2019-08-29 11:15:18 +02:00
Andreas Steffen
d2b771203f Version bump to 5.8.1rc1 2019-08-28 16:38:40 +02:00
Tobias Brunner
17c9972252 Fixed some typos, courtesy of codespell 2019-08-28 14:03:41 +02:00
Tobias Brunner
b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
Tobias Brunner
de07b77442 Use Botan 2.11.0 for tests 2019-07-02 11:35:21 +02:00
Andreas Steffen
ab1aa03bf5 Version bump to 5.8.1dr1 2019-06-26 17:32:33 +02:00
Andreas Steffen
55dd0361b8 Version bump to 5.8.0 2019-05-20 12:31:08 +02:00
Andreas Steffen
74ac0c9efd Version bump to 5.8.0rc1 2019-05-10 12:55:48 +02:00
Andreas Steffen
47879ca638 testing: Use strongswan systemd service 2019-05-10 12:55:09 +02:00
Andreas Steffen
6d8e6ec61b testing: Load PEM keys in ikev2/net2-net-rsa scenario 2019-05-10 12:54:28 +02:00
Andreas Steffen
c9d898c9f4 testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario 2019-05-10 12:53:33 +02:00