Andreas Steffen
da5aa6ae6a
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
12dbca721e
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
f0476c4a82
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
96d7d9392f
testing: Converted ipv6/rw-compress-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
Andreas Steffen
34acd584e5
testing: Converted ipv6/rw-psk-ikev2 to swanctl
2017-11-10 11:49:49 +01:00
Andreas Steffen
0770b37f8f
testing: Converted ipv6/rw-psk-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
ffe0d82c03
testing: Converted ipv6/rw-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
a96238a0d0
testing: Converted ipv6/rw-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
8215681a4a
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
Andreas Steffen
04b79bc98c
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
fd3f6871c9
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
f57ca13e28
testing: Converted ipv6/transport-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
4ae1f7c0e3
testing: Converted ipv6/transport-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
7812b6e6cf
testing: Converted ipv6/net2net-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
e94db2b4ad
testing: Converted ipv6/net2net-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
47ec3326e7
testing: Converted ipv6/host2host-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
Andreas Steffen
087b027f88
testing: Converted ipv6/host2host-ikev1 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
0a6f8644ef
testing: Removed libipsec/rw-suite-b
2017-11-10 11:49:39 +01:00
Andreas Steffen
9375c9c9db
testing: Converted libipsec/net2net-null to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
86d1b7a14d
testing: Converted libipsec/net2net-cert-ipv6 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
c3b8778fc9
testing: Converted libipsec/net2net-cert to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
de42a67b79
testing: Converted libipsec/net2net-3des to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
6922d5e56a
testing: Converted libipsec/host2host-cert to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
3659fda1a5
testing: Converted gcrypt-ikev2 to swanctl
2017-11-10 11:49:39 +01:00
Andreas Steffen
b46deb8107
testing: Converted gcrypt-ikev1 to systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
88a950d915
testing: Converted af-alg to systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
67a97c18ae
testing: Enable systemd
2017-11-10 11:49:38 +01:00
Andreas Steffen
804784cc1c
testing: Updated some descriptions
2017-11-10 11:49:38 +01:00
Tobias Brunner
7fdad3bb97
testing: Fix output matching of lease time in ipsec pool utility
2017-11-02 11:32:52 +01:00
Andreas Steffen
a9fb529b84
Version bump to 5.6.1dr3
2017-09-26 22:43:38 +02:00
Tobias Brunner
98e7285394
testing: Add libipsec/net2net-cert-ipv6 scenario
2017-09-18 10:28:54 +02:00
Andreas Steffen
c80cec2d5e
Version bump to 5.6.1dr2
2017-09-13 16:56:45 +02:00
Tobias Brunner
82088028d8
testing: Reduce log level of SSH client
...
This should suppress the "Permanently added ... to the list of known
hosts" warnings that occasionally come up for no apparent reason.
2017-09-04 11:16:00 +02:00
Andreas Steffen
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
Andreas Steffen
fc373b64a6
imv-os: Updated security update evaluation
2017-09-01 12:42:24 +02:00
Andreas Steffen
076aac7069
imv-attestation: Fixed file hash measurements
...
The introduction of file versions broke file hash measurements.
This has been fixed by using a generic product versions having an
empty package name.
2017-09-01 10:51:15 +02:00
Tobias Brunner
936db031c7
testing: Make removal of SWID tags work with different releases
...
The regid.2004-03.org.strongswan directory might not exist in new images.
2017-08-16 10:51:15 +02:00
Andreas Steffen
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
Andreas Steffen
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
Andreas Steffen
285c077d2c
Version bump to 5.6.0rc1
2017-08-07 18:25:52 +02:00
Tobias Brunner
c11d13c4b9
testing: Add -v option to do-tests to prefix commands with timestamps
2017-08-07 16:55:45 +02:00
Tobias Brunner
f058804df8
testing: Move collector.db in tnc/tnccs-20-ev-pt-tls scenario to /etc/db.d
...
Also move initialization to the pretest script (it's way faster in the
in-memory database).
2017-08-07 16:55:45 +02:00
Tobias Brunner
772957778c
charon-tkm: Call esa_reset() when the inbound SA is deleted
...
After a rekeying the outbound SA and policy is deleted immediately, however,
the inbound SA is not removed until a few seconds later, so delayed packets
can still be processed.
This adds a flag to get_esa_id() that specifies the location of the
given SPI.
2017-08-07 10:46:00 +02:00
Tobias Brunner
f0d051f192
testing: Also capture stderr during test cases
...
The output was not correct otherwise due to the reordering of commands.
2017-08-07 10:44:05 +02:00
Tobias Brunner
87c6247e0d
testing: Clearly mark the tests that failed
2017-08-07 10:44:05 +02:00
Tobias Brunner
5163bd4b86
testing: Add tkm/xfrmproxy-rekey scenario
...
Similar to the xfrmproxy-expire scenario but here the TKM host is the
responder to a rekeying.
2017-08-07 10:44:05 +02:00
Tobias Brunner
a721b9c53d
testing: Add pfkey/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
Tobias Brunner
37a91758c9
testing: Add ikev2/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
Tobias Brunner
99cf64e960
testing: Add support for counting matching lines in tests
...
Specifying an integer instead of YES in evaltest.dat causes the number to get
compared against the actual number of lines matching the pattern.
This may be used to count matching packets or log lines.
2017-08-07 10:44:05 +02:00
Andreas Steffen
f0ae8c1761
Version bump to 5.6.0dr4
2017-08-04 21:15:45 +02:00
Andreas Steffen
808be1d57f
testing: Added tnc/tnccs-20-ev-pt-tls scenario
2017-08-04 19:15:51 +02:00
Andreas Steffen
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
Andreas Steffen
a3b3538630
testing: Fixed the path of pt-tls-client
2017-07-18 20:43:03 +02:00
Andreas Steffen
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
Andreas Steffen
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
Andreas Steffen
23e0d6dca3
testing: Added tnc/tnccs-20-nea-pt-tls scenario
2017-07-08 23:19:51 +02:00
Andreas Steffen
facf1c76ea
testing: Adaptation to ISO 19770-2:2015 SWID standard
2017-07-08 23:19:51 +02:00
Andreas Steffen
88b941939f
testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenario
2017-07-08 23:19:18 +02:00
Tobias Brunner
49917f0028
testing: Support running multiple tests with * as wildcard (e.g. ikev2/ocsp-*)
2017-07-07 09:23:14 +02:00
Andreas Steffen
65ce7ec0c4
Version bump to 5.5.3
2017-05-29 12:02:48 +02:00
Tobias Brunner
71d59af58a
testing: Add wrapper around service command
...
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment. Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon. Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
2017-05-26 16:28:16 +02:00
Tobias Brunner
b2473e94a2
Fixed some typos, courtesy of codespell
2017-05-26 14:44:06 +02:00
Andreas Steffen
2d5a79bf59
testing: Added swanctl/rw-eap-md5-id-rsa scenario
2017-05-26 14:36:25 +02:00
Tobias Brunner
0da10b73ad
testing: Fix ikev2/two-certs scenario
...
Since 6a8a44be88
the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities. So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
2017-05-26 13:55:32 +02:00
Tobias Brunner
4d0795bcef
testing: Avoid expiration of allocated SPIs due to low retransmission settings
2017-05-23 18:05:58 +02:00
Andreas Steffen
a5f7a4c790
Version bump to 5.3.3dr2
2017-05-08 22:38:12 +02:00
Andreas Steffen
d38d1fcd68
Version bump to 5.5.3dr1
2017-04-26 21:29:42 +02:00
Andreas Steffen
25217488d2
testing: Created swanctl/rw-eap-aka-sql-rsa scenario
2017-04-26 20:38:23 +02:00
Andreas Steffen
64f9fa9e9f
testing: Created ikev2/rw-eap-aka-sql-rsa scenario
...
This test scenario tests the eap-simaka-sql plugin.
2017-04-26 20:38:23 +02:00
Andreas Steffen
bb2ba9f15d
Version bump to 5.5.2
2017-03-27 16:57:03 +02:00
Andreas Steffen
c5ccf933ec
testing: List BLIS certs in swanctl/rw-newhope-bliss scenario
2017-03-27 16:56:50 +02:00
Andreas Steffen
7c672e6118
Version bump to 5.2.2rc1
2017-03-21 09:09:43 +01:00
Andreas Steffen
1732ca7b5b
testing: Updated OCSP certificate for carol
2017-03-21 09:09:06 +01:00
Andreas Steffen
efc1b98461
Allow x25519 as an alias of the curve25519 KE algorithm
2017-03-20 21:18:00 +01:00
Tobias Brunner
ac9063dae2
testing: Fix URL for kernel sources
2017-03-20 10:13:33 +01:00
Andreas Steffen
25bfb338a2
Version bump to 5.5.2dr7
2017-03-06 20:21:40 +01:00
Andreas Steffen
6885375e66
Version bump to 5.5.2dr6
2017-03-03 09:34:50 +01:00
Tobias Brunner
3fb68ac211
testing: load-testconfig script loads config from source dir
...
It now does replace the IPs too. This way it's easier to play around
with a config (otherwise a do-tests run was required to build the
config files in the build dir).
2017-03-02 11:54:39 +01:00
Andreas Steffen
f43850b3b9
Version bump to 5.5.2dr5
2017-02-23 17:31:11 +01:00
Tobias Brunner
0c549169c4
testing: Fix ALLOWED_HOSTS in strongTNC settings.ini
2017-02-16 18:24:25 +01:00
Tobias Brunner
150a902b83
testing: Fix swanctl/ocsp-disabled scenario after changing the log messages
2017-02-16 17:51:16 +01:00
Andreas Steffen
9ad147ac63
Version bump to 5.5.2dr4
2017-01-02 15:46:27 +01:00
Andreas Steffen
91a4a4aa83
testing: Added swanctl/ocsp-disabled scenario
2017-01-02 14:34:39 +01:00
Andreas Steffen
db0953d41f
testing: Added swanctl/ocsp-signer-cert scenario
2017-01-02 14:34:18 +01:00
Andreas Steffen
08253bbba3
testing: Convert swanctl scenarios to curve-25519
2016-12-30 16:22:12 +01:00
Andreas Steffen
65797c9faf
Version bump to 5.5.2dr3 and Linux kernel 4.9
2016-12-17 18:10:13 +01:00
Andreas Steffen
470e61ae77
testing: strongTNC does not come with django.db any more
2016-12-17 18:09:20 +01:00
Andreas Steffen
3c1e5ad6ce
testing: Added ikev2/net2net-ed25519 scenario
2016-12-17 18:07:29 +01:00
Andreas Steffen
94ae1ac18e
Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates
2016-12-14 11:15:48 +01:00
Andreas Steffen
011195f1a9
Version bump to 5.5.2dr2
2016-11-14 16:20:51 +01:00
Andreas Steffen
99c03e9a11
testing: make curve25519 the default DH group
2016-11-14 16:20:51 +01:00
Andreas Steffen
4a97999466
Version bump to 5.5.2dr1
2016-10-30 17:34:05 +01:00
Andreas Steffen
e6a4bd83ff
Version bump to 5.5.1
2016-10-20 12:57:00 +02:00
Andreas Steffen
4d77fcbec9
Version bump to 5.5.1rc2
2016-10-18 18:14:57 +02:00
Andreas Steffen
ba6c7a52c0
testing: Renewed expired certificates
2016-10-18 18:13:58 +02:00
Andreas Steffen
d167776ff9
testing: enable MACsec in guest kernel
2016-10-18 16:25:19 +02:00
Andreas Steffen
a617223ed5
Version bump to 5.5.1rc1
2016-10-11 19:21:36 +02:00
Andreas Steffen
85b5a6ace2
Save both base and delta CRLs to disk
2016-10-11 17:18:22 +02:00
Andreas Steffen
2a2669ee3e
vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk
2016-10-11 17:18:22 +02:00
Tobias Brunner
597e057b9e
testing: Remove ikev2/default-keys scenario
...
No default keys are generated anymore.
2016-10-05 12:25:29 +02:00