0ed31e7284
Add a stub for systime-fix, a plugin handling certificate lifetimes gracefully
2013-02-19 14:49:38 +01:00
de399f550d
Add a cert_validator hook allowing plugins to provide custom lifetime checking
2013-02-19 14:31:18 +01:00
790e00aaa9
Make cert_validator_t.validate optional to implement
2013-02-19 14:31:18 +01:00
d830174e3c
version bump to 5.0.2
2013-01-30 07:51:44 +01:00
c186b3940a
Documented new options in strongswan.conf(5) man page
2013-01-25 20:22:20 +01:00
58fd1f3eef
Don't use pointer to a union member in host_create_from_string_and_family()
2013-01-25 13:18:50 +01:00
572a707765
Properly check MSB in openssl plugin's PKCS#7 implementation
2013-01-24 23:36:02 +01:00
9ccfeb8ca1
Use proper buffer sizes for parse_smartcard()
2013-01-24 23:35:42 +01:00
677812dc66
Cast first argument for %.*s to int
2013-01-24 23:35:42 +01:00
bacbf91c5c
Removed unused command name when printing usage info for lookip
2013-01-24 23:35:41 +01:00
d7bd0ad7df
Removed unused argument
2013-01-24 23:35:34 +01:00
4cd3fb788d
Properly read data from stream in pki --pkcs7
2013-01-24 19:13:41 +01:00
27a814b527
Properly destroy mem_cred object on pki --pkcs7 --help
2013-01-24 19:13:41 +01:00
39896d92ed
Try to determine OS type if name and version are configured
2013-01-24 19:13:41 +01:00
24cdf5340e
Add missing va_end() call
2013-01-24 19:13:41 +01:00
69c6a60176
g_thread_init() is deprecated since Glib 2.23
2013-01-24 19:13:40 +01:00
2ec3552fce
Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabled
...
Setting the responder SPI to 0 can only be done while generating the
response, otherwise we'd fail to check in the IKE_SA again in case the
hash table is enabled. That's because we use the responder SPI as hash
value since 5.0.0.
2013-01-24 19:13:40 +01:00
a25047e412
Return SS_RC_INITIALIZATION_FAILED if pid file exists
...
Let charon return SS_RC_INITIALIZATION_FAILED if an existing pid file is found.
Starter only terminates itself if the result code of the daemon is a valid
SS_RC_* value.
2013-01-23 15:59:21 +01:00
4eb09d14e2
Avoid a deadlock when installing a trap policy failed
2013-01-23 15:51:47 +01:00
8d631ebabd
Encode IETF Numeric Version Service Pack Version with two byte words
2013-01-22 14:45:56 +01:00
113ff13322
starter: Add --attach-gdb option to usage text
2013-01-22 11:03:19 +01:00
cf3c72c480
Fix IKE SA inherit API doc
2013-01-22 11:02:20 +01:00
325efdaca8
Filter TS list for Split-Includes before printing them to debug log
2013-01-21 12:15:51 +01:00
ae82265a46
Add the ability to use a named pool for conftest configs
2013-01-21 11:46:20 +01:00
d82372fab8
Removed INSTALL from EXTRA_DIST
2013-01-17 23:20:37 +01:00
0c006341f3
Merge branch 'debian-testing'
...
These changes update the integration test system. It previously was based
on a pretty much unmaintainable Gentoo root image and the dated UML
virtualization technology. Among many other changes the test environment
is now based on KVM and uses reproducible Debian-based guest images.
Conflicts:
NEWS
2013-01-17 17:00:05 +01:00
737912239f
NEWS about updated integration tests added
2013-01-17 16:56:02 +01:00
232af2fab5
Updated documentation for the integration tests
2013-01-17 16:56:02 +01:00
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
f3db566983
Enforce reception of multicast traffic on virbr[1|2]
...
This is needed to let the ha/both-active test pass.
2013-01-17 16:55:04 +01:00
41943e9c1b
Make core dumps work
...
Core dumps are written to the /var/local/dumps directory.
2013-01-17 16:55:04 +01:00
e3a3013323
Append seconds to TESTDATE
...
This avoids 'file exists' warnings when running tests multiple times in
one minute.
2013-01-17 16:55:04 +01:00
2c4954ad24
Switch to 'mapped' access mode for hostfs
...
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
2013-01-17 16:55:04 +01:00
677795c3e7
Make guest ACPI shutdown work
2013-01-17 16:55:03 +01:00
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
49b1655ae1
Auto-create symlink to testing directory in workdir
2013-01-17 16:55:03 +01:00
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
b27836412b
Rename UML to KVM tests
2013-01-17 16:55:02 +01:00
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
4aa32cc3fe
List daemon.log on $RADIUSHOSTS
2013-01-17 16:55:02 +01:00
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
Martin Willi