Tobias Brunner
ceca26c88e
testing: Enable Python eggs in testing environment (i.e. vici's Python bindings)
2019-04-04 09:36:38 +02:00
Tobias Brunner
760d7c9b4f
testing: Add scenarios that use XFRM interfaces
...
The network namespace scenario requires a kernel patch in 4.19 and 4.20
kernels (the fix is included in 5.0 kernels).
2019-04-04 09:31:38 +02:00
Tobias Brunner
5b2078ad09
testing: Enable XFRM interfaces and network namespaces in 4.19 and 5.0 kernel
2019-04-04 09:31:38 +02:00
Tobias Brunner
f43302dc10
Use Botan 2.10.0 for tests
2019-04-01 11:01:46 +02:00
Andreas Steffen
7b5eee65a0
Version bump to 5.8.0dr2
2019-03-30 17:11:34 +01:00
Andreas Steffen
195ee25dba
testing: Updated expired certificates
2019-03-30 17:10:51 +01:00
Andreas Steffen
d93532553c
Testing: Removed tnc/tnccs-20-server-retry scenario
2019-03-29 17:04:43 +01:00
Tobias Brunner
35b82000f1
testing: Disable gcrypt plugin for swanctl
...
Sometimes swanctl hangs when initializing the plugin and it apparently
gathers entropy.
2019-03-28 18:16:56 +01:00
Andreas Steffen
fa1f4d199e
testing: Prolonged Duck end entity certificate
2019-03-13 19:02:42 +01:00
Andreas Steffen
08a7326181
Version bump to 5.8.0dr1
2019-03-13 19:02:42 +01:00
Tobias Brunner
6639288b1a
Use Botan 2.9.0 for tests
2019-01-16 17:11:46 +01:00
Andreas Steffen
eb16352232
Version bump to 5.7.2
2018-12-27 12:11:49 +01:00
Andreas Steffen
023b9c0edc
Version bump to 5.7.2rc1
2018-12-19 13:21:48 +01:00
Andreas Steffen
7cf3f97e56
Version bump to 5.7.2dr4
2018-12-09 19:53:31 +01:00
Andreas Steffen
030de21b7b
testing: Migrated ikev2 scenarios to swanctl
2018-12-09 13:16:41 +01:00
Tobias Brunner
48afa6b783
testing: Switch to Debian stretch base images
2018-11-21 14:34:16 +01:00
Tobias Brunner
7511a6fd9c
testing: Install a package via apt-get to get a second SWIMA software event
...
This installs tmux and its two dependencies libevent-2.0-5 and libutempter0.
For the tnc/tnccs-20-ev-pt-tls test scenario older, apparently replaced
versions of these packages are entered to the collector.db database, so that
dummy SWID tags for these packages can be requested via SWIMA.
2018-11-21 14:33:29 +01:00
Tobias Brunner
b217bdf75f
testing: Add additional memory to alice
...
strongTNC seems to require a lot more memory than we assign by default,
not sure this increase is enough.
2018-11-21 14:32:25 +01:00
Tobias Brunner
b3d9ada385
testing: Generate some UTF-8 locales
2018-11-21 14:32:25 +01:00
Tobias Brunner
1741d1ac07
testing: Disable systemd's NTP service
...
This produces a lot of useless traffic as no NTP servers are reachable (or
even resolvable via winnetou).
2018-11-21 14:32:25 +01:00
Tobias Brunner
c7a74fd3e5
testing: Allow enabling only timestamps without verbose command output
...
-t enables only the timestamps, -v additionally logs command output
(includes -t).
2018-11-21 14:32:25 +01:00
Tobias Brunner
2132031d0e
testing: Show config files of FreeRADIUS 3.0 in test results
2018-11-21 14:32:25 +01:00
Tobias Brunner
231828f810
testing: Config changes for FreeRADIUS 3.0
...
Also includes some changes for jessie's version of FreeRADIUS 2 (was
previously a custom version).
Besides the move to a subdir the config files were adapted for 3.0.
The rlm_sim_files module was removed with FreeRADIUS 3 and Debian's
package of FreeRADIUS 2 does not ship it, so we now replicate it using
the files module (via users file, which is actually a symlink to
mods-config/files/authorize in the default installation of FreeRADIUS 3).
Another approach was tried using rlm_passwd, however, that module does
not read binary/hex data, only printable strings, which would require
changing the triplets.
For 2.x a hack in the site config is necessary to make the attributes
available to the EAP-SIM module.
2018-11-21 14:32:25 +01:00
Tobias Brunner
a8112cc174
testing: Use freeradius instead of the removed radiusd to start FreeRADIUS
2018-11-21 14:32:25 +01:00
Tobias Brunner
2e39b1db0a
testing: Remove unused/inexistent DSA key from sshd config
2018-11-21 14:32:25 +01:00
Tobias Brunner
30e68c80d2
testing: Only run DHCPv4 by setting an listening interface explicitly
...
Debian stretch's init script for isc-dhcp-server uses the INTERFACESv4|6
variables to decide whether to start the v4 and/or v6 DHCP server.
If they are not empty, the daemon is started for the respective version,
however, if both are empty (the default), to listen on all interfaces, the
daemon is started for both versions. The latter would require a subnet
config for IPv6 as the daemon otherwise exits, letting the init script fail,
while keeping the successfully started v4 version running, which, in turn,
can't be stopped anymore with the init script because it thinks the daemon
is not running.
So it's not possible with this init script to start DHCPv4 on all interfaces
without having to configure and run DHCPv6 also.
2018-11-21 14:32:25 +01:00
Tobias Brunner
c2742f9bf5
testing: Remove unused dhcpd config on moon
2018-11-21 14:32:25 +01:00
Tobias Brunner
9083ccd05c
testing: Accept ping6 output with IP address after hostname
...
Newer versions of ping6 add the IP address after the FQDN in the output.
2018-11-21 14:32:25 +01:00
Tobias Brunner
f9a42f828a
testing: Install traceroute utility in base image
...
It seems this was previously installed automatically.
2018-11-21 14:32:24 +01:00
Tobias Brunner
99f6457e53
testing: Only attempt to copy patches if there are any
2018-11-21 14:32:24 +01:00
Tobias Brunner
2fbe44bef3
testing: Remove TNC@FHH dependencies and scenarios that rely on them
...
While we could continue to use FreeRADIUS 2.x that branch is officially EOL.
So instead of investing time and effort in updating/migrating the patches to
FreeRADIUS 3.x (the module changed quite significantly as it relies solely on
the naeap library in that release), for a protocol that is superseded anyway,
we just remove these scenarios and the dependencies. Actually, the
complete rlm_eap_tnc module will be removed with FreeRADIUS 4.0.
2018-11-21 14:32:24 +01:00
Tobias Brunner
d3a59022dd
testing: Remove Apache config hacks for Debian wheezy
2018-11-21 14:32:24 +01:00
Tobias Brunner
af6e26ec08
testing: Support build with Debian stretch base image
...
Remove support for wheezy.
2018-11-21 14:32:24 +01:00
Andreas Steffen
ff3f09af45
Version bump to 5.7.2dr3
2018-11-12 16:24:53 +01:00
Andreas Steffen
b5747192bd
testing: Added botan/net2net-pkcs12 scenario
2018-11-12 13:51:01 +01:00
Andreas Steffen
440e6a03c1
testing: Migrated openssl-ikev2/net2net-pkcs12 scenario to swanctl
2018-11-12 13:46:16 +01:00
Andreas Steffen
836e870912
testing: Removed openssl-ikev2/rw-eap-tls-only scenario
2018-11-12 12:41:11 +01:00
Andreas Steffen
280cf56411
testing: Removed openssl-ikev2/net2net-pgp-v3 scenario
2018-11-12 12:35:37 +01:00
Andreas Steffen
e259ff3979
testing: migrated openssl-ikev2/critical-extension to swanctl
2018-11-12 11:50:05 +01:00
Andreas Steffen
97493cbe17
testing: Migrated openssl/rw-cert scenario to swanctl
2018-11-09 21:45:12 +01:00
Andreas Steffen
6617341390
testing: Migrated openssl-ikev2/ecdsa-pkcs8 scenario to swanctl
2018-11-09 16:38:33 +01:00
Andreas Steffen
6ea531d926
testing: Migrated openssl brainpool scenarios to swanctl
2018-11-09 15:00:26 +01:00
Andreas Steffen
1cab8ed5f8
testing: Migrated openssl alg-ecp-low scenarios to swanctl
2018-11-09 12:42:14 +01:00
Andreas Steffen
21735750df
testing: Migrated openssl alg-ecp-high scenarios
2018-11-09 11:52:59 +01:00
Andreas Steffen
a4c085978c
testing: Migrated openssl alg-camellia scenarios to swanctl
2018-11-09 10:02:26 +01:00
Andreas Steffen
873a6ab0ef
testing: Removed openssl alg-aes-gcm and alg-blowfish scenarios
2018-11-08 21:28:19 +01:00
Andreas Steffen
fcaa081825
testing: Removed openssl suite B scenarios
2018-11-08 21:23:10 +01:00
Andreas Steffen
99b66151fd
testing: Moved openssl ecdsa-certs scenarios to swanctl
2018-11-08 21:16:32 +01:00
Andreas Steffen
0e80eb235d
Version bump to 5.7.2dr2
2018-10-31 14:22:03 +01:00
Andreas Steffen
9be6dee6a4
botan: SHA-3 support
2018-10-30 16:06:15 +01:00
Tobias Brunner
ae271810dc
Use Botan 2.8.0 for tests
2018-10-30 15:08:31 +01:00
Tobias Brunner
a29f70e4fb
testing: Use AES-GCM for SSH connections
...
RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).
AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).
2018-10-30 15:06:57 +01:00
Tobias Brunner
67fd36e884
testing: Avoid unnecessary rebuilds of components built from Git repos
...
Installing apparently changes the timestamp on the repo dir triggering make
to checkout and build the whole thing again.
2018-10-30 15:06:47 +01:00
Tobias Brunner
3a4372c1eb
testing: Disable predictable network interface names assigned by systemd/udev
2018-10-30 15:06:33 +01:00
Tobias Brunner
3fbeeef908
testing: Remove unused custom OIDs from openssl.cnf files
...
ClientAuthentication is known in OpenSSL 1.1 and the redefinition, therefore,
causes an error. These two OIDs are not used anyway in these config
files.
2018-10-30 15:03:34 +01:00
Andreas Steffen
e660f4579b
testing: Fixed evaluation in swanctl/rw-cert-pss scenario
2018-10-27 08:47:57 +02:00
Andreas Steffen
f5565683b9
Version bump to 5.7.2dr1
2018-10-26 18:47:48 +02:00
Andreas Steffen
534ab34df6
testing: Added botan/net2net-ed25519 scenario
2018-10-26 18:46:59 +02:00
Andreas Steffen
04ef28b4df
Version bump to 5.7.1
2018-10-01 17:46:17 +02:00
Andreas Steffen
2a327d438c
Version bump to 5.7.0
2018-09-24 11:10:12 +02:00
Andreas Steffen
1dd382b888
Version bump to 5.7.0rc2
2018-09-18 16:03:23 +02:00
Andreas Steffen
11b4a87050
Version bump to 5.7.0rc1
2018-09-16 09:30:18 +02:00
Andreas Steffen
9a4b47ef96
testing: Extended Botan scenarios
2018-09-16 09:30:18 +02:00
Andreas Steffen
72a6831e7c
testing: Added botan/rw-cert scenario
2018-09-12 16:25:00 +02:00
Tobias Brunner
a5c682e87d
testing: Enable Botan and the plugin
...
ldconfig is required, otherwise the library won't be found by
strongSwan in the same session.
Should later be changed to 2.8.0 or a newer stable release.
2018-09-12 16:25:00 +02:00
Tobias Brunner
d1c5e6816d
testing: Add some PPK scenarios
2018-09-10 18:04:23 +02:00
Andreas Steffen
a019c95b72
Version bump to 5.7.0dr8
2018-08-02 07:30:05 +02:00
Andreas Steffen
041efa6ed3
Version bump to 5.7.0dr6
2018-07-21 09:30:53 +02:00
Andreas Steffen
9a7a962348
Version bump to 5.7.0dr5
2018-07-19 14:57:18 +02:00
Tobias Brunner
75214fabd8
testing: Optionally build/install strongSwan only on a specific guest
...
This may be used to test different strongSwan versions against each
other.
2018-07-11 18:38:09 +02:00
Tobias Brunner
47ec761674
testing: Fix checks after changing fragmentation log messages
2018-07-09 17:15:07 +02:00
Tobias Brunner
df411bfa30
testing: The dhcp plugin uses the DHCP client port again by default
...
This reverts parts of commit becf027cd9
.
Fixes: 707b70725a
("dhcp: Only use DHCP server port if explicitly configured")
2018-07-05 18:14:54 +02:00
Tobias Brunner
1ecac75f37
testing: Fix IKE proposal in swanctl/net2net-gw scenario
...
Also simplify config by using references.
2018-06-28 18:46:42 +02:00
Tobias Brunner
2ad1df9571
Replace 'inacceptable' with the more common 'unacceptable'
2018-06-28 18:46:42 +02:00
Tobias Brunner
80c9ae4521
testing: Add wrapper for systemctl to collect leaks from charon-systemd
...
Similar to the wrapper around `service` added with 71d59af58a
, this
sets the variable only when running the automated tests.
2018-06-28 16:45:54 +02:00
Andreas Steffen
5b91e8c03c
Version bump to 5.7.0dr4
2018-06-22 11:21:02 +02:00
Andreas Steffen
424de401b4
testing: Added swanctl/rw-ed25519-certpol scenario
2018-06-22 10:39:40 +02:00
Andreas Steffen
711e0bdbe4
Version bumpt to 5.7.0dr3
2018-06-14 17:07:59 +02:00
Tobias Brunner
5cfd7311d0
testing: Print command output if test fails
...
This is quite helpful to debug why a pattern didn't match.
As it could produce quite a lot of output if something is not found in a
log file, the complete output is only printed in verbose mode, otherwise,
`head` is used to print the first 10 lines of output.
We only get stdout from SSH, so the stderr redirection is only really
for errors ssh itself produces.
2018-06-14 09:29:26 +02:00
Andreas Steffen
60719e39bf
testing: Fixed evaltest of tnc/tnccs-20-pdp-pt-tls scenario
2018-06-13 17:57:10 +02:00
Andreas Steffen
78584d7efc
Version bump to 5.7.0dr2
2018-06-13 17:07:58 +02:00
Andreas Steffen
295493f46f
testing: Renewed ECDSA certificates
2018-06-13 17:07:25 +02:00
Andreas Steffen
ce4b8f65d6
testing: Removed TCG SWID IMC/IMV scenarios
2018-06-12 21:47:39 +02:00
Andreas Steffen
a31f9b7691
libimcv: Removed TCG SWID IMC/IMV support
2018-06-12 21:47:39 +02:00
Andreas Steffen
3a8a9c7029
Version bump to 5.7.0dr1
2018-05-30 23:02:57 +02:00
Andreas Steffen
b2ab0995c1
Version bump to 5.6.3
2018-05-28 15:38:58 +02:00
Andreas Steffen
88205674e5
Version bump to 5.6.3rc1
2018-05-23 22:36:39 +02:00
Tobias Brunner
89bd016ef4
Fixed some typos, courtesy of codespell
2018-05-23 16:33:02 +02:00
Andreas Steffen
26b45beda9
Version bump to 5.6.3dr2
2018-05-22 21:58:32 +02:00
Tobias Brunner
9746c308ff
testing: Add ikev2/multi-level-ca-skipped scenario
2018-05-22 09:50:47 +02:00
Tobias Brunner
7b660944b6
dhcp: Only send client identifier if identity_lease is enabled
...
The client identifier serves as unique identifier just like a unique MAC
address would, so even with identity_leases disabled some DHCP servers
might assign unique leases per identity.
2018-05-18 18:04:01 +02:00
Tobias Brunner
becf027cd9
dhcp: Bind server port when a specific server address is specified
...
DHCP servers will respond to port 67 if giaddr is non-zero, which we set
if we are not broadcasting. While such messages are received fine via
RAW socket the kernel will respond with an ICMP port unreachable if no
socket is bound to that port. Instead of opening a dummy socket on port
67 just to avoid the ICMPs we can also just operate with a single
socket, bind it to port 67 and send our requests from that port.
Since SO_REUSEADDR behaves on Linux like SO_REUSEPORT does on other
systems we can bind that port even if a DHCP server is running on the
same host as the daemon (this might have to be adapted to make this work
on other systems, but due to the raw socket the plugin is not that portable
anyway).
2018-05-18 18:04:01 +02:00
Andreas Steffen
69ee158e2a
Version bump to 5.6.3dr1
2018-04-19 16:34:06 +02:00
Andreas Steffen
51d5b35f51
testing: Fixed ikev2/alg-chacha20poly1305 scenario
2018-04-19 16:33:04 +02:00
Matt Selsky
c8f45e4573
testing: Fix typo in sysctl.conf file
...
Closes strongswan/strongswan#97 .
2018-04-03 09:55:05 +02:00
Tobias Brunner
dc2dfedda9
testing: Use HA patch compatible with 4.15.6+
2018-03-08 10:07:33 +01:00
Tobias Brunner
39e860ea34
testing: Use a HA patch that's actually compatible with 4.15 kernels
2018-03-07 17:16:54 +01:00
Tobias Brunner
0f785f6be8
testing: Revert typo fix in FreeRADIUS patch
...
Fixes: 2db6d5b8b3
("Fixed some typos, courtesy of codespell")
Fixes #2582 .
2018-03-07 16:39:37 +01:00
Andreas Steffen
68c00bc839
Version bump to 5.6.2
2018-02-19 12:59:37 +01:00
Andreas Steffen
0bb4d2179d
Version bump to 5.6.2rc1
2018-02-16 13:37:00 +01:00
Andreas Steffen
22157b8163
testing: Enable counters and save-keys plugins
2018-02-16 13:36:44 +01:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
ad14f2084e
testing: Add ikev2/mobike-virtual-ip-nat scenario
...
This tests moving from a public IP behind a NAT and back (with proper
changes of the UDP encapsulation).
2018-02-09 11:21:02 +01:00
Adrian-Ken Rueegsegger
fcff3808b4
charon-tkm: Update to latest Anet version
2018-02-08 17:01:38 +01:00
Andreas Steffen
476200ecc6
Version bump to 5.6.2dr4
2018-02-03 11:05:21 +01:00
Tobias Brunner
4492c9c670
testing: Ignore IP-in-IP SAs created with IPComp SAs that remain in the kernel
...
The kernel creates such SAs to handle uncompressed small packets. They
are implicitly created and deleted with IPComp SAs. The problem is that
when we delete an IPComp SA only that state is deleted and removed from
the SA lists immediately, the IP-in-IP state is not removed until the IPComp
state is eventually destroyed. This could take a while if there are still
references to it around. So the IP-in-IP states will keep getting reported
by ip xfrm state until that happens (we also can't flush or explicitly delete
such kernel-created states).
In kernels before 4.14 this wasn't really a problem but since
ec30d78c14a8 ("xfrm: add xdst pcpu cache") the kernel seems to keep the
references to the last used SAs around a lot longer.
Also, usually a test scenario following an IPComp scenario will create
and use new SAs and thus the cached SAs will disappear before the kernel
state is checked again. However, if a following scenario uses different
hosts the states might remain, which caused some unrelated scenarios to
fail before adding this fix.
2018-02-01 17:10:19 +01:00
Andreas Steffen
3c5b010f5b
testing: Added Linux 4.14 and 4.15 config files
2018-01-31 21:32:45 +01:00
Tobias Brunner
351a08e1ff
testing: Fix swanctl --list-sas checks in some scenarios
...
::YES was missing (or written as ::YES]) rendering those checks void.
Turns out some of them actually were wrong.
2017-12-22 10:22:47 +01:00
Tobias Brunner
b3a793541d
testing: Add route-based/net2net-gre scenario
2017-12-22 10:22:47 +01:00
Tobias Brunner
f007bc9ff4
testing: Enable GRE support in 4.13 config
...
Also enables IPv6 support for VTI devices.
2017-12-22 10:22:47 +01:00
Robin McCorkell
e71593d91c
testing: Add route-based/net2net-vti scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
ff7129ee6a
testing: Added route-based/rw-shared-vti-ip6-in-ip4 scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
a35416af1c
testing: Added route-based/rw-shared-vti scenario
2017-12-22 10:22:47 +01:00
Robin McCorkell
95deada184
testing: Enable VTI module in kernel config
2017-12-22 10:22:47 +01:00
Robin McCorkell
82b91e113a
testing: Override user environment PATH in chroot
...
chroot will capture the user environment's PATH variable, which may be
wrong (e.g. not include /bin:/sbin, as it is on Arch). We should set a
known-working PATH variable in the chroot.
2017-12-22 10:22:47 +01:00
Andreas Steffen
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
Andreas Steffen
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
Andreas Steffen
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
Tobias Brunner
8517a0edb4
testing: Explicitly deliver all test results as text/plain
2017-11-28 16:17:50 +01:00
Andreas Steffen
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
Andreas Steffen
f60b08ba0d
testing: Added swanctl/rw-cert-pss scenario
2017-11-17 22:42:07 +01:00
Tobias Brunner
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
Tobias Brunner
d24d26c4bc
testing: Disable logging via journal in charon-systemd
...
This avoids duplicate log messages as we already log via syslog to get
daemon.log.
2017-11-15 17:12:09 +01:00
Tobias Brunner
be214cb17e
testing: Globally define logging via syslog for charon-systemd
...
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
2017-11-15 17:09:55 +01:00
Andreas Steffen
859cb93d28
testing: Do not remove all swanctl subdirectories
2017-11-11 19:23:01 +01:00
Andreas Steffen
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
Andreas Steffen
13a3f20f2e
testing: Converterd tnc to systemd
2017-11-11 16:41:16 +01:00
Andreas Steffen
323f0b05d7
testing: Converted sql to systemd
2017-11-11 16:41:15 +01:00
Andreas Steffen
70dc5bb8ad
testing: Converted swanctl to systemd
2017-11-11 16:41:15 +01:00
Andreas Steffen
65f74cd13d
testing: Added legacy ipv6-stroke scenarios
2017-11-11 16:41:15 +01:00
Andreas Steffen
4402013f05
testing: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:51 +01:00
Andreas Steffen
b3ccfcd05e
testing: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
da5aa6ae6a
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
12dbca721e
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
f0476c4a82
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
96d7d9392f
testing: Converted ipv6/rw-compress-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
34acd584e5
testing: Converted ipv6/rw-psk-ikev2 to swanctl
2017-11-10 11:49:49 +01:00
Andreas Steffen
0770b37f8f
testing: Converted ipv6/rw-psk-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
ffe0d82c03
testing: Converted ipv6/rw-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
a96238a0d0
testing: Converted ipv6/rw-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
8215681a4a
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
04b79bc98c
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
fd3f6871c9
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
f57ca13e28
testing: Converted ipv6/transport-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
4ae1f7c0e3
testing: Converted ipv6/transport-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
7812b6e6cf
testing: Converted ipv6/net2net-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
e94db2b4ad
testing: Converted ipv6/net2net-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
47ec3326e7
testing: Converted ipv6/host2host-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
087b027f88
testing: Converted ipv6/host2host-ikev1 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
0a6f8644ef
testing: Removed libipsec/rw-suite-b
2017-11-10 11:49:39 +01:00
Andreas Steffen
9375c9c9db
testing: Converted libipsec/net2net-null to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
86d1b7a14d
testing: Converted libipsec/net2net-cert-ipv6 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
c3b8778fc9
testing: Converted libipsec/net2net-cert to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
de42a67b79
testing: Converted libipsec/net2net-3des to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
6922d5e56a
testing: Converted libipsec/host2host-cert to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
3659fda1a5
testing: Converted gcrypt-ikev2 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
b46deb8107
testing: Converted gcrypt-ikev1 to systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
88a950d915
testing: Converted af-alg to systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
67a97c18ae
testing: Enable systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
804784cc1c
testing: Updated some descriptions
2017-11-10 11:49:38 +01:00
Tobias Brunner
7fdad3bb97
testing: Fix output matching of lease time in ipsec pool utility
2017-11-02 11:32:52 +01:00
Andreas Steffen
a9fb529b84
Version bump to 5.6.1dr3
2017-09-26 22:43:38 +02:00
Tobias Brunner
98e7285394
testing: Add libipsec/net2net-cert-ipv6 scenario
2017-09-18 10:28:54 +02:00
Andreas Steffen
c80cec2d5e
Version bump to 5.6.1dr2
2017-09-13 16:56:45 +02:00
Tobias Brunner
82088028d8
testing: Reduce log level of SSH client
...
This should suppress the "Permanently added ... to the list of known
hosts" warnings that occasionally come up for no apparent reason.
2017-09-04 11:16:00 +02:00
Andreas Steffen
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
Andreas Steffen
fc373b64a6
imv-os: Updated security update evaluation
2017-09-01 12:42:24 +02:00
Andreas Steffen
076aac7069
imv-attestation: Fixed file hash measurements
...
The introduction of file versions broke file hash measurements.
This has been fixed by using a generic product versions having an
empty package name.
2017-09-01 10:51:15 +02:00
Tobias Brunner
936db031c7
testing: Make removal of SWID tags work with different releases
...
The regid.2004-03.org.strongswan directory might not exist in new images.
2017-08-16 10:51:15 +02:00
Andreas Steffen
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
Andreas Steffen
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
Andreas Steffen
285c077d2c
Version bump to 5.6.0rc1
2017-08-07 18:25:52 +02:00
Tobias Brunner
c11d13c4b9
testing: Add -v option to do-tests to prefix commands with timestamps
2017-08-07 16:55:45 +02:00
Tobias Brunner
f058804df8
testing: Move collector.db in tnc/tnccs-20-ev-pt-tls scenario to /etc/db.d
...
Also move initialization to the pretest script (it's way faster in the
in-memory database).
2017-08-07 16:55:45 +02:00
Tobias Brunner
772957778c
charon-tkm: Call esa_reset() when the inbound SA is deleted
...
After a rekeying the outbound SA and policy is deleted immediately, however,
the inbound SA is not removed until a few seconds later, so delayed packets
can still be processed.
This adds a flag to get_esa_id() that specifies the location of the
given SPI.
2017-08-07 10:46:00 +02:00
Tobias Brunner
f0d051f192
testing: Also capture stderr during test cases
...
The output was not correct otherwise due to the reordering of commands.
2017-08-07 10:44:05 +02:00
Tobias Brunner
87c6247e0d
testing: Clearly mark the tests that failed
2017-08-07 10:44:05 +02:00
Tobias Brunner
5163bd4b86
testing: Add tkm/xfrmproxy-rekey scenario
...
Similar to the xfrmproxy-expire scenario but here the TKM host is the
responder to a rekeying.
2017-08-07 10:44:05 +02:00
Tobias Brunner
a721b9c53d
testing: Add pfkey/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
Tobias Brunner
37a91758c9
testing: Add ikev2/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
Tobias Brunner
99cf64e960
testing: Add support for counting matching lines in tests
...
Specifying an integer instead of YES in evaltest.dat causes the number to get
compared against the actual number of lines matching the pattern.
This may be used to count matching packets or log lines.
2017-08-07 10:44:05 +02:00
Andreas Steffen
f0ae8c1761
Version bump to 5.6.0dr4
2017-08-04 21:15:45 +02:00
Andreas Steffen
808be1d57f
testing: Added tnc/tnccs-20-ev-pt-tls scenario
2017-08-04 19:15:51 +02:00
Andreas Steffen
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
Andreas Steffen
a3b3538630
testing: Fixed the path of pt-tls-client
2017-07-18 20:43:03 +02:00
Andreas Steffen
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
Andreas Steffen
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
Andreas Steffen
23e0d6dca3
testing: Added tnc/tnccs-20-nea-pt-tls scenario
2017-07-08 23:19:51 +02:00
Andreas Steffen
facf1c76ea
testing: Adaptation to ISO 19770-2:2015 SWID standard
2017-07-08 23:19:51 +02:00
Andreas Steffen
88b941939f
testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenario
2017-07-08 23:19:18 +02:00
Tobias Brunner
49917f0028
testing: Support running multiple tests with * as wildcard (e.g. ikev2/ocsp-*)
2017-07-07 09:23:14 +02:00
Andreas Steffen
65ce7ec0c4
Version bump to 5.5.3
2017-05-29 12:02:48 +02:00
Tobias Brunner
71d59af58a
testing: Add wrapper around service command
...
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment. Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon. Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
2017-05-26 16:28:16 +02:00
Tobias Brunner
b2473e94a2
Fixed some typos, courtesy of codespell
2017-05-26 14:44:06 +02:00
Andreas Steffen
2d5a79bf59
testing: Added swanctl/rw-eap-md5-id-rsa scenario
2017-05-26 14:36:25 +02:00
Tobias Brunner
0da10b73ad
testing: Fix ikev2/two-certs scenario
...
Since 6a8a44be88
the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities. So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
2017-05-26 13:55:32 +02:00
Tobias Brunner
4d0795bcef
testing: Avoid expiration of allocated SPIs due to low retransmission settings
2017-05-23 18:05:58 +02:00
Andreas Steffen
a5f7a4c790
Version bump to 5.3.3dr2
2017-05-08 22:38:12 +02:00
Andreas Steffen
d38d1fcd68
Version bump to 5.5.3dr1
2017-04-26 21:29:42 +02:00
Andreas Steffen
25217488d2
testing: Created swanctl/rw-eap-aka-sql-rsa scenario
2017-04-26 20:38:23 +02:00