Tobias Brunner
dee01d019b
testing: Only load selected plugins in swanctl
The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL). Some of these allocations are only freed
once the libraries are unloaded. This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.
2016-06-20 18:23:45 +02:00
Tobias Brunner
eb25b1a73d
testing: Fix expect-connection for tkm tests
We don't use swanctl there but there is no load statement either.
2016-06-16 14:35:26 +02:00
Tobias Brunner
5c71cbfa94
testing: Add root to fstab
This seems to be required for systemd to remount it.
2016-06-15 16:24:44 +02:00
Tobias Brunner
1c616eccae
testing: Update Apache config for newer Debian releases
It is still compatible with the current release as the config in
sites-available will be ignored, while conf-enabled does not exist and
is not included in the main config.
2016-06-15 16:24:44 +02:00
Tobias Brunner
2b0a6811ab
testing: Explicitly enable RC4 in SSH server config
Newer OpenSSH versions disable this by default because it's unsafe.
Since this is not relevant for our use case we enable it due to its
speed.
2016-06-15 16:24:44 +02:00
Tobias Brunner
76397efa21
testing: Disable leak detective when generating CRLs
GnuTLS, which can get loaded by the curl plugin, does not properly clean up
some allocated memory when deinitializing. This causes invalid frees if
leak detective is active. Other invalid frees are related to time
conversions (tzset).
References #1382.
2016-04-06 11:16:59 +02:00
Tobias Brunner
d163aa5eaf
testing: Generate a CRL that has moon's actual certificate revoked
2016-03-10 11:07:15 +01:00
Andreas Steffen
9db530493f
testing: Change sql scenarios to swanctl
2016-01-03 06:28:48 +01:00
Tobias Brunner
b77e25c381
testing: The expect-connection helper may use swanctl to check for connections
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
2015-12-11 18:26:53 +01:00
Andreas Steffen
dddb32329c
testing: Updated expired mars.strongswan.org certificate
2015-11-26 09:55:28 +01:00
Tobias Brunner
8713e32435
testing: Only send two retransmits after 1 second each to fail negative tests earlier
2015-11-09 15:18:34 +01:00
Tobias Brunner
9a0871ab94
testing: Add a base strongswan.conf file used by all hosts in all scenarios
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker). We don't want these settings to show up in the
configs of the actual scenarios though.
2015-11-09 15:18:34 +01:00
Andreas Steffen
a98360a64c
testing: BLISS CA uses SHA-3 in its CRL
2015-11-03 21:35:09 +01:00
Andreas Steffen
626b2e85f0
testing: Update AAA certificate on Freeradius as well
2015-08-05 10:01:21 +02:00
Andreas Steffen
9b1eaf083f
testing: Updated expired AAA server certificate
2015-08-04 21:50:01 +02:00
Andreas Steffen
fbcac07043
testing: Regenerated BLISS certificates due to oracle changes
2015-07-27 22:09:08 +02:00
Andreas Steffen
aaeb524cea
testing: Updated loop ca certificates
2015-07-22 17:11:00 +02:00
Andreas Steffen
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Andreas Steffen
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
Andreas Steffen
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
Andreas Steffen
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
Tobias Brunner
b7b2f9379d
testing: Enable virtio console for guests
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729.
2014-10-10 19:03:28 +02:00
Tobias Brunner
030295dd44
testing: Updated swanctl certificates and keys
2014-10-03 12:50:08 +02:00
Tobias Brunner
1bab64e7cb
testing: Update public keys and certificates in DNS zone
2014-10-03 12:44:13 +02:00
Andreas Steffen
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
Andreas Steffen
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
Andreas Steffen
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
Andreas Steffen
2382d45b1c
Test SWID REST API in tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
Andreas Steffen
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
Andreas Steffen
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
Andreas Steffen
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
Andreas Steffen
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
Tobias Brunner
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
Tobias Brunner
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
Andreas Steffen
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
Andreas Steffen
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
Andreas Steffen
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
Andreas Steffen
eeaa8a2417
Added TPMRA workitem support in PTS database
2014-01-16 01:46:55 +01:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
cae778147a
Define aaa.strongswan.org in /etc/hosts
2013-10-11 20:16:59 +02:00
Tobias Brunner
a4d6a5a359
testing: Provide moon's and sun's certificate as CERT RR
2013-10-11 15:45:42 +02:00
Martin Willi
71d468ec90
testing: Allow AH packets in default INPUT/OUTPUT chains
2013-10-11 10:15:22 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
4c961168cc
Updated PTS database scheme to new workitems model
2013-07-29 11:41:47 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Andreas Steffen
9ea77350ce
Fixed index.txt for strongSwan EC CA
2013-07-01 11:01:11 +02:00
Andreas Steffen
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
Tobias Brunner
c6e1eda6d0
testing: Set terminal title when logging in via SSH
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Reto Buerki
7b702150a0
Add expect-file guest image script
This script can be used in pretest.dat files to wait until a given file
appears.
2013-03-19 15:23:50 +01:00
Reto Buerki
0e1d008d71
Add /usr/local/lib/ipsec to linker cache
2013-03-19 15:23:50 +01:00
Andreas Steffen
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
Andreas Steffen
37c589f0e0
Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones
2013-02-19 12:25:01 +01:00
Reto Buerki
41943e9c1b
Make core dumps work
Core dumps are written to the /var/local/dumps directory.
2013-01-17 16:55:04 +01:00
Reto Buerki
2c4954ad24
Switch to 'mapped' access mode for hostfs
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
2013-01-17 16:55:04 +01:00
Andreas Steffen
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
Andreas Steffen
b27836412b
Rename UML to KVM tests
2013-01-17 16:55:02 +01:00
Andreas Steffen
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
Andreas Steffen
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
Reto Buerki
0593b6c975
Export compile directory to guests
Use 9p over virtio to share files on the host with the guest domains.
The files are accessible in the guests /hostfs directory.
2013-01-17 16:54:58 +01:00
Reto Buerki
b351656cc7
Disable checksum offloading on moon's eth1 interface
Disable checksum offloading on eth1 because it does not currently work
with virtio and the isc-dhcp-server running on venus, see [1].
[1] - https://bugs.mageia.org/show_bug.cgi?id=1243
2013-01-17 16:54:57 +01:00
Reto Buerki
bd4c6122a4
Add ssh config to guest root account
2013-01-17 16:54:56 +01:00
Reto Buerki
76ccd25a05
Add expect-connection guest image script
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00
Reto Buerki
261cf0e395
Drop build-hostconfig script
Use processed host configurations directly instead.
2013-01-17 15:22:10 +01:00
Tobias Brunner
18bce26ea6
Use key(and password-)less SSH authentication
2013-01-17 15:22:09 +01:00
Reto Buerki
766466b8d1
Adapt host configuration
Adapt the configuration of the test hosts to the new Debian-based
system.
2012-12-18 16:00:21 +01:00
Andreas Steffen
5d476b4266
updated default configuration of UML hosts to 5.0.0
2012-06-25 13:04:55 +02:00
Andreas Steffen
2be46da56d
added nonce plugin in default host configurations
2012-05-25 17:00:03 +02:00
Andreas Steffen
bd360b3911
keep a copy of refreshed carolCert-ocsp.pem
2012-03-15 07:59:42 +01:00
Andreas Steffen
ebf292bad0
refreshed carolCert-ocsp.pem
2012-03-15 07:58:35 +01:00
Andreas Steffen
448fc5091f
updated strong certificates
2011-10-17 18:04:12 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Andreas Steffen
13a7f5f3e3
added certificate_authorities and certificate_distribution_points tables
2010-12-05 11:30:06 +01:00
Andreas Steffen
2da636fd9b
support of reqid field in SQL database
2010-12-05 11:21:40 +01:00
Andreas Steffen
cbdcca7fd7
renamed algorithm to proposal
2010-11-30 17:38:49 +01:00
Andreas Steffen
f4e5acef3a
store IKE and ESP proposals in SQL database
2010-11-30 17:03:21 +01:00
Andreas Steffen
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
Andreas Steffen
841b2b3ee9
created certificate and /etc/hosts entry for virtual gateway mars
2010-11-20 18:20:23 +01:00
Andreas Steffen
84babfb895
define explicit IKEv1 key exchange mode
2010-10-07 07:31:44 +02:00
Andreas Steffen
c0cecc0a0e
added radius init script with increased debugging
2010-09-02 22:19:37 +02:00
Tobias Brunner
91ea48352c
testing: Adding kernel-netlink to pluto.load statements.
2010-09-02 19:04:22 +02:00
Andreas Steffen
8e7920eea1
generated aaa certificate
2010-08-04 12:44:47 +02:00
Andreas Steffen
ab635e029e
updated SQL templates to support attribute pool and identity parameters
2010-07-12 20:28:34 +02:00
Heiko Hund
ec7adea007
Added support for named attribute groups
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what attributes.
2010-07-09 13:09:31 +02:00
Andreas Steffen
36b3c0a8dd
regenerated loop intermediate CA certificates
2010-07-03 18:18:30 +02:00
Andreas Steffen
b2be7dd621
remove stray carolReq.pem
2010-06-05 13:36:39 +02:00
Andreas Steffen
ee1bdd85d3
it's too late on Saturday evening
2010-05-15 18:52:59 +02:00
Andreas Steffen
3399c3dca0
roll back some changes
2010-05-15 18:48:35 +02:00
Andreas Steffen
31b39e5f7c
encoding of MODE_TUNNEL changed
2010-05-15 18:36:14 +02:00
Andreas Steffen
bcd20cc987
added ikev2/dhcp-dynamic scenario
2010-04-23 11:52:37 +02:00
Tobias Brunner
355c3a66b1
When logging to the database, the IDs of an IKE SA are initially NULL.
2010-04-12 13:51:10 +02:00
Andreas Steffen
9391b485f7
updated DER versions of research and sales CAs
2010-04-11 22:00:01 +02:00
Andreas Steffen
c3379af391
removed whitespace
2010-04-07 13:07:11 +02:00
Andreas Steffen
ef4aa67bf7
generated new research and sales CA certs for carol and dave, respectively
2010-04-07 13:05:17 +02:00
Andreas Steffen
586c137016
prolonged Research and Sales CA certs
2010-04-06 12:05:39 +02:00
Andreas Steffen
b49cbd68a6
added dave2 and carol2 entries to /etc/hosts
2010-04-05 12:50:07 +02:00
Andreas Steffen
3cfbc91a98
renewed Authorization Authority certificate
2010-02-27 22:16:36 +01:00