sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-16 00:00:37 -04:00
Code Issues Projects Releases Wiki Activity
19,495 Commits 101 Branches 327 Tags
Commit Graph

24 Commits

Author SHA1 Message Date
Jean-François Hren
fd6ac87fc3 testing: Add ha/active-passive-multi-ke scenario 2025-02-28 16:02:41 +01:00
Andreas Steffen
e7166c342b testing: Distributed openssl-ikev1 scenarios 2024-11-22 14:14:52 +01:00
Andreas Steffen
4df94b56c0 testing: Distributed openssl-ikev2 scenarios 2024-11-22 14:14:52 +01:00
Andreas Steffen
4833f29b15 bliss: Remove legacy BLISS signatures 2024-11-22 14:05:36 +01:00
Tobias Brunner
2b1885b892 testing: Add TKM scenarios with multiple key exchanges 2024-09-19 14:39:13 +02:00
Andreas Steffen
6f8275abab testing: Added RFC4806 tests 2024-03-13 15:11:00 +01:00
Tobias Brunner
e0f0f812c7 testing: Create traditional RSA keys with OpenSSL 3 
This is necessary because TKM can't read PKCS#8 files and in some
scenarios we don't have the pkcs8 plugin loaded that would be required
to read/decrypt the non-traditional files.
 2023-07-13 10:48:53 +02:00
Andreas Steffen
8329455628 testing: Check canonical OCSP/CRL serial numbers 2022-12-05 20:18:24 +01:00
Tobias Brunner
8c48de739d testing: Use AES and SHA-256 to protect PKCS#12 files 
The -aes128 option is used when encrypting private keys read from a
PKCS#12 file, not when generating such a file.
 2021-10-18 14:27:14 +02:00
Andreas Steffen
cc4338267e testing: Added openssl-ikev2/net2net-sha3-rsa-cert scenario 2021-06-03 14:20:06 +02:00
Andreas Steffen
de5ca4021a testing: Test wolfssl plugin 2021-06-03 10:22:59 +02:00
Andreas Steffen
7c5a2974b9 testing: Reorganizing IKEv1 and IKEv2 examples 
For documentation purposes the new folders ikev1-algs, ikev2-algs,
ikev1-multi-ca and ikev2-multi-ca have been created. Most of the
test cases have now been converted to the vici interface. The
remaining legacy stroke scenarios yet to be converted have been put
into the ikev2-stroke-bye folder.

For documentation purposes some legacy stroke scenarios will be kept
in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
 2021-05-21 09:42:50 +02:00
Andreas Steffen
68154033bb testing: Store mars credentials in the swanctl directory 2021-03-30 22:12:00 +02:00
Коренберг Марк
d8e4a2a777 identification: Change abbreviation for surname/serialNumber RDNs 
To align with RFC 4519, section 2.31/32, the abbreviation for surname
is changed to "SN" that was previously used for serialNumber, which does
not have an abbreviation.

This mapping had its origins in the X.509 patch for FreeS/WAN that was
started in 2000.  It was aligned with how OpenSSL did this in earlier
versions.  However, there it was changed already in March 2002 (commit
ffbe98b7630d604263cfb1118c67ca2617a8e222) to make it compatible with
RFC 2256 (predecessor of RFC 4519).

Co-authored-by: Tobias Brunner <tobias@strongswan.org>

Closes strongswan/strongswan#179.
 2021-01-18 17:41:37 +01:00
Tobias Brunner
5ef10ec326 testing: Add scenarios that use a CA with two intermediate CA certificates 
Mainly to test TKM's ability for handling multiple CAs and that the
received intermediate CA certificates are passed in the right order.
But also added a regular scenario where two intermediate CA certificates
are sent by one of the clients.
 2021-01-11 15:28:10 +01:00
Adrian-Ken Rueegsegger
d6cf4a165b testing: Add CA ID mappings to TKM tests 
Extend the build-certs-chroot script is to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.con
files.
 2021-01-08 17:22:36 +01:00
Josh Soref
b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner
91dabace11 testing: Add scenario with hash-and-URL encoding for intermediate CA certificates 2019-11-26 11:12:26 +01:00
Tobias Brunner
17c9972252 Fixed some typos, courtesy of codespell 2019-08-28 14:03:41 +02:00
Andreas Steffen
c9d898c9f4 testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario 2019-05-10 12:53:33 +02:00
Tobias Brunner
27f6d37544 testing: Return an error if any command in the certificate build script fails 2019-05-08 14:56:48 +02:00
Tobias Brunner
ac66ca25f9 testing: Use custom plugin configuration to build SHA-3 CA 2019-05-08 14:56:48 +02:00
Tobias Brunner
21280da9f5 testing: Fix ikev2/net2net-rsa scenario 2019-05-08 14:56:48 +02:00
Tobias Brunner
da8e33f3ca testing: Add wrapper script to build certificates in root image 
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
 2019-05-08 14:56:48 +02:00