dee01d019b
testing: Only load selected plugins in swanctl
...
The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL). Some of these allocations are only freed
once the libraries are unloaded. This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.
2016-06-20 18:23:45 +02:00
eb25b1a73d
testing: Fix expect-connection for tkm tests
...
We don't use swanctl there but there is no load statement either.
2016-06-16 14:35:26 +02:00
5c71cbfa94
testing: Add root to fstab
...
This seems to be required for systemd to remount it.
2016-06-15 16:24:44 +02:00
1c616eccae
testing: Update Apache config for newer Debian releases
...
It is still compatible with the current release as the config in
sites-available will be ignored, while conf-enabled does not exist and
is not included in the main config.
2016-06-15 16:24:44 +02:00
2b0a6811ab
testing: Explicitly enable RC4 in SSH server config
...
Newer OpenSSH versions disable this by default because it's unsafe.
Since this is not relevant for our use case we enable it due to its
speed.
2016-06-15 16:24:44 +02:00
76397efa21
testing: Disable leak detective when generating CRLs
...
GnuTLS, which can get loaded by the curl plugin, does not properly cleanup
some allocated memory when deinitializing. This causes invalid frees if
leak detective is active. Other invalid frees are related to time
conversions (tzset).
References #1382 .
2016-04-06 11:16:59 +02:00
d163aa5eaf
testing: Generate a CRL that has moon's actual certificate revoked
2016-03-10 11:07:15 +01:00
9db530493f
testing: Change sql scenarios to swanctl
2016-01-03 06:28:48 +01:00
b77e25c381
testing: The expect-connection helper may use swanctl to check for connections
...
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
2015-12-11 18:26:53 +01:00
dddb32329c
testing: Updated expired mars.strongswan.org certificate
2015-11-26 09:55:28 +01:00
8713e32435
testing: Only send two retransmits after 1 second each to fail negative tests earlier
2015-11-09 15:18:34 +01:00
9a0871ab94
testing: Add a base strongswan.conf file used by all hosts in all scenarios
...
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker). We don't want these settings to show up in the
configs of the actual scenarios though.
2015-11-09 15:18:34 +01:00
a98360a64c
testing: BLISS CA uses SHA-3 in its CRL
2015-11-03 21:35:09 +01:00
626b2e85f0
testing: Update AAA certificate on Freeradius as well
2015-08-05 10:01:21 +02:00
9b1eaf083f
testing: Updated expired AAA server certificate
2015-08-04 21:50:01 +02:00
fbcac07043
testing: Regenerated BLISS certificates due to oracle changes
2015-07-27 22:09:08 +02:00
aaeb524cea
testing: Updated loop ca certificates
2015-07-22 17:11:00 +02:00
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729 .
2014-10-10 19:03:28 +02:00
030295dd44
testing: Updated swanctl certificates and keys
2014-10-03 12:50:08 +02:00
1bab64e7cb
testing: Update public keys and certificates in DNS zone
2014-10-03 12:44:13 +02:00
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
cae778147a
Define aaa.strongswan.org in /etc/hosts
2013-10-11 20:16:59 +02:00
a4d6a5a359
testing: Provide moon's and sun's certificate as CERT RR
2013-10-11 15:45:42 +02:00
71d468ec90
testing: Allow AH packets in default INPUT/OUTPUT chains
2013-10-11 10:15:22 +02:00
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
4c961168cc
Updated PTS database scheme to new workitems model
2013-07-29 11:41:47 +02:00
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
9ea77350ce
Fixed index.txt for strongSwan EC CA
2013-07-01 11:01:11 +02:00
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
c6e1eda6d0
testing: Set terminal title when logging in via SSH
...
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
7b702150a0
Add expect-file guest image script
...
This script can be used in pretest.dat files to wait until a given file
appears.
2013-03-19 15:23:50 +01:00
0e1d008d71
Add /usr/local/lib/ipsec to linker cache
2013-03-19 15:23:50 +01:00
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
37c589f0e0
Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones
2013-02-19 12:25:01 +01:00
41943e9c1b
Make core dumps work
...
Core dumps are written to the /var/local/dumps directory.
2013-01-17 16:55:04 +01:00
2c4954ad24
Switch to 'mapped' access mode for hostfs
...
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
2013-01-17 16:55:04 +01:00
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
b27836412b
Rename UML to KVM tests
2013-01-17 16:55:02 +01:00
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
0593b6c975
Export compile directory to guests
...
Use 9p over virtio to share files on the host with the guest domains.
The files are accessible in the guests /hostfs directory.
2013-01-17 16:54:58 +01:00
b351656cc7
Disable checksum offloading on moon's eth1 interface
...
Disable checksum offloading on eth1 because it does not currently work
with virtio and the isc-dhcp-server running on venus, see [1].
[1] - https://bugs.mageia.org/show_bug.cgi?id=1243
2013-01-17 16:54:57 +01:00
bd4c6122a4
Add ssh config to guest root account
2013-01-17 16:54:56 +01:00
76ccd25a05
Add expect-connection guest image script
...
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00
261cf0e395
Drop build-hostconfig script
...
Use processed host configurations directly instead.
2013-01-17 15:22:10 +01:00
18bce26ea6
Use key(and password-)less SSH authentication
2013-01-17 15:22:09 +01:00
766466b8d1
Adapt host configuration
...
Adapt the configuration of the test hosts to the new Debian-based
system.
2012-12-18 16:00:21 +01:00
5d476b4266
updated default configuration of UML hosts to 5.0.0
2012-06-25 13:04:55 +02:00
2be46da56d
added nonce plugin in default host configurations
2012-05-25 17:00:03 +02:00
bd360b3911
keep a copy of refreshed carolCert-ocsp.pem
2012-03-15 07:59:42 +01:00
ebf292bad0
refreshed carolCert-ocsp.pem
2012-03-15 07:58:35 +01:00
448fc5091f
updated strong certificates
2011-10-17 18:04:12 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
13a7f5f3e3
added certificate_authorities and certificate_distribution_points tables
2010-12-05 11:30:06 +01:00
2da636fd9b
support of reqid field in SQL database
2010-12-05 11:21:40 +01:00
cbdcca7fd7
renamed algorithm to proposal
2010-11-30 17:38:49 +01:00
f4e5acef3a
store IKE and ESP proposals in SQL database
2010-11-30 17:03:21 +01:00
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
841b2b3ee9
created certificate and /etc/hosts entry for virtual gateway mars
2010-11-20 18:20:23 +01:00
84babfb895
define explicit IKEv1 key exchange mode
2010-10-07 07:31:44 +02:00
c0cecc0a0e
added radius init script mit increased debugging
2010-09-02 22:19:37 +02:00
91ea48352c
testing: Adding kernel-netlink to pluto.load statements.
2010-09-02 19:04:22 +02:00
8e7920eea1
generated aaa certificate
2010-08-04 12:44:47 +02:00
ab635e029e
updated SQL templates to support attribute pool and identity parameters
2010-07-12 20:28:34 +02:00
ec7adea007
Added support for named attribute groups
...
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what atrributes.
2010-07-09 13:09:31 +02:00
36b3c0a8dd
regenerated loop intermediate CA certificates
2010-07-03 18:18:30 +02:00
b2be7dd621
remove stray carolReq.pem
2010-06-05 13:36:39 +02:00
ee1bdd85d3
it's too late on Saturday evening
2010-05-15 18:52:59 +02:00
3399c3dca0
roll back some changes
2010-05-15 18:48:35 +02:00
31b39e5f7c
encoding of MODE_TUNNEL changed
2010-05-15 18:36:14 +02:00
bcd20cc987
added ikev2/dhcp-dynamic scenario
2010-04-23 11:52:37 +02:00
355c3a66b1
When logging to the database, the IDs of an IKE SA are initially NULL.
2010-04-12 13:51:10 +02:00
9391b485f7
updated DER versions of research and sales CAs
2010-04-11 22:00:01 +02:00
c3379af391
removed whitespace
2010-04-07 13:07:11 +02:00
ef4aa67bf7
generated new research and sales CA certs for carol and dave, respectively
2010-04-07 13:05:17 +02:00
586c137016
prolonged Research and Sales CA certs
2010-04-06 12:05:39 +02:00
b49cbd68a6
added dave2 and carol2 entries to /etc/hosts
2010-04-05 12:50:07 +02:00
3cfbc91a98
renewed Authorization Authority certificate
2010-02-27 22:16:36 +01:00
Tobias Brunner