da5aa6ae6a
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
12dbca721e
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
2017-11-10 13:54:50 +01:00
f0476c4a82
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
96d7d9392f
testing: Converted ipv6/rw-compress-ikev2 to swanctl
2017-11-10 13:54:50 +01:00
34acd584e5
testing: Converted ipv6/rw-psk-ikev2 to swanctl
2017-11-10 11:49:49 +01:00
0770b37f8f
testing: Converted ipv6/rw-psk-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
ffe0d82c03
testing: Converted ipv6/rw-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
a96238a0d0
testing: Converted ipv6/rw-ikev1 to swanctl
2017-11-10 11:49:41 +01:00
8215681a4a
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
2017-11-10 11:49:41 +01:00
04b79bc98c
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
fd3f6871c9
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
f57ca13e28
testing: Converted ipv6/transport-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
4ae1f7c0e3
testing: Converted ipv6/transport-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
7812b6e6cf
testing: Converted ipv6/net2net-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
e94db2b4ad
testing: Converted ipv6/net2net-ikev1 to swanctl
2017-11-10 11:49:40 +01:00
47ec3326e7
testing: Converted ipv6/host2host-ikev2 to swanctl
2017-11-10 11:49:40 +01:00
087b027f88
testing: Converted ipv6/host2host-ikev1 to swanctl
2017-11-10 11:49:39 +01:00
0a6f8644ef
testing: Removed libipsec/rw-suite-b
2017-11-10 11:49:39 +01:00
9375c9c9db
testing: Converted libipsec/net2net-null to swanctl
2017-11-10 11:49:39 +01:00
86d1b7a14d
testing: Converted libipsec/net2net-cert-ipv6 to swanctl
2017-11-10 11:49:39 +01:00
c3b8778fc9
testing: Converted libipsec/net2net-cert to swanctl
2017-11-10 11:49:39 +01:00
de42a67b79
testing: Converted libipsec/net2net-3des to swanctl
2017-11-10 11:49:39 +01:00
6922d5e56a
testing: Converted libipsec/host2host-cert to swanctl
2017-11-10 11:49:39 +01:00
3659fda1a5
testing: Converted gcrypt-ikev2 to swanctl
2017-11-10 11:49:39 +01:00
b46deb8107
testing: Converted gcrypt-ikev1 to systemd
2017-11-10 11:49:38 +01:00
88a950d915
testing: Converted af-alg to systemd
2017-11-10 11:49:38 +01:00
67a97c18ae
testing: Enable systemd
2017-11-10 11:49:38 +01:00
804784cc1c
testing: Updated some descriptions
2017-11-10 11:49:38 +01:00
7fdad3bb97
testing: Fix output matching of lease time in ipsec pool utility
2017-11-02 11:32:52 +01:00
a9fb529b84
Version bump to 5.6.1dr3
2017-09-26 22:43:38 +02:00
98e7285394
testing: Add libipsec/net2net-cert-ipv6 scenario
2017-09-18 10:28:54 +02:00
c80cec2d5e
Version bump to 5.6.1dr2
2017-09-13 16:56:45 +02:00
82088028d8
testing: Reduce log level of SSH client
...
This should suppress the "Permanently added ... to the list of known
hosts" warnings that occasionally come up for no apparent reason.
2017-09-04 11:16:00 +02:00
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
fc373b64a6
imv-os: Updated security update evaluation
2017-09-01 12:42:24 +02:00
076aac7069
imv-attestation: Fixed file hash measurements
...
The introduction of file versions broke file hash measurements.
This has been fixed by using a generic product versions having an
empty package name.
2017-09-01 10:51:15 +02:00
936db031c7
testing: Make removal of SWID tags work with different releases
...
The regid.2004-03.org.strongswan directory might not exist in new images.
2017-08-16 10:51:15 +02:00
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
285c077d2c
Version bump to 5.6.0rc1
2017-08-07 18:25:52 +02:00
c11d13c4b9
testing: Add -v option to do-tests to prefix commands with timestamps
2017-08-07 16:55:45 +02:00
f058804df8
testing: Move collector.db in tnc/tnccs-20-ev-pt-tls scenario to /etc/db.d
...
Also move initialization to the pretest script (it's way faster in the
in-memory database).
2017-08-07 16:55:45 +02:00
772957778c
charon-tkm: Call esa_reset() when the inbound SA is deleted
...
After a rekeying the outbound SA and policy is deleted immediately, however,
the inbound SA is not removed until a few seconds later, so delayed packets
can still be processed.
This adds a flag to get_esa_id() that specifies the location of the
given SPI.
2017-08-07 10:46:00 +02:00
f0d051f192
testing: Also capture stderr during test cases
...
The output was not correct otherwise due to the reordering of commands.
2017-08-07 10:44:05 +02:00
87c6247e0d
testing: Clearly mark the tests that failed
2017-08-07 10:44:05 +02:00
5163bd4b86
testing: Add tkm/xfrmproxy-rekey scenario
...
Similar to the xfrmproxy-expire scenario but here the TKM host is the
responder to a rekeying.
2017-08-07 10:44:05 +02:00
a721b9c53d
testing: Add pfkey/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
37a91758c9
testing: Add ikev2/net2net-rekey scenario
2017-08-07 10:44:05 +02:00
99cf64e960
testing: Add support for counting matching lines in tests
...
Specifying an integer instead of YES in evaltest.dat causes the number to get
compared against the actual number of lines matching the pattern.
This may be used to count matching packets or log lines.
2017-08-07 10:44:05 +02:00
f0ae8c1761
Version bump to 5.6.0dr4
2017-08-04 21:15:45 +02:00
808be1d57f
testing: Added tnc/tnccs-20-ev-pt-tls scenario
2017-08-04 19:15:51 +02:00
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
a3b3538630
testing: Fixed the path of pt-tls-client
2017-07-18 20:43:03 +02:00
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
23e0d6dca3
testing: Added tnc/tnccs-20-nea-pt-tls scenario
2017-07-08 23:19:51 +02:00
facf1c76ea
testing: Adaptation to ISO 19770-2:2015 SWID standard
2017-07-08 23:19:51 +02:00
88b941939f
testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenario
2017-07-08 23:19:18 +02:00
49917f0028
testing: Support running multiple tests with * as wildcard (e.g. ikev2/ocsp-*)
2017-07-07 09:23:14 +02:00
65ce7ec0c4
Version bump to 5.5.3
2017-05-29 12:02:48 +02:00
71d59af58a
testing: Add wrapper around service command
...
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment. Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon. Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
2017-05-26 16:28:16 +02:00
b2473e94a2
Fixed some typos, courtesy of codespell
2017-05-26 14:44:06 +02:00
2d5a79bf59
testing: Added swanctl/rw-eap-md5-id-rsa scenario
2017-05-26 14:36:25 +02:00
0da10b73ad
testing: Fix ikev2/two-certs scenario
...
Since 6a8a44be88
2017-05-26 13:55:32 +02:00
4d0795bcef
testing: Avoid expiration of allocated SPIs due to low retransmission settings
2017-05-23 18:05:58 +02:00
a5f7a4c790
Version bump to 5.3.3dr2
2017-05-08 22:38:12 +02:00
d38d1fcd68
Version bump to 5.5.3dr1
2017-04-26 21:29:42 +02:00
25217488d2
testing: Created swanctl/rw-eap-aka-sql-rsa scenario
2017-04-26 20:38:23 +02:00
64f9fa9e9f
testing: Created ikev2/rw-eap-aka-sql-rsa scenario
...
This test scenario tests the eap-simaka-sql plugin.
2017-04-26 20:38:23 +02:00
bb2ba9f15d
Version bump to 5.5.2
2017-03-27 16:57:03 +02:00
c5ccf933ec
testing: List BLIS certs in swanctl/rw-newhope-bliss scenario
2017-03-27 16:56:50 +02:00
7c672e6118
Version bump to 5.2.2rc1
2017-03-21 09:09:43 +01:00
1732ca7b5b
testing: Updated OCSP certificate for carol
2017-03-21 09:09:06 +01:00
efc1b98461
Allow x25519 as an alias of the curve25519 KE algorithm
2017-03-20 21:18:00 +01:00
ac9063dae2
testing: Fix URL for kernel sources
2017-03-20 10:13:33 +01:00
25bfb338a2
Version bump to 5.5.2dr7
2017-03-06 20:21:40 +01:00
6885375e66
Version bump to 5.5.2dr6
2017-03-03 09:34:50 +01:00
3fb68ac211
testing: load-testconfig script loads config from source dir
...
It now does replace the IPs too. This way it's easier to play around
with a config (otherwise a do-tests run was required to build the
config files in the build dir).
2017-03-02 11:54:39 +01:00
f43850b3b9
Version bump to 5.5.2dr5
2017-02-23 17:31:11 +01:00
0c549169c4
testing: Fix ALLOWED_HOSTS in strongTNC settings.ini
2017-02-16 18:24:25 +01:00
150a902b83
testing: Fix swanctl/ocsp-disabled scenario after changing the log messages
2017-02-16 17:51:16 +01:00
9ad147ac63
Version bump to 5.5.2dr4
2017-01-02 15:46:27 +01:00
91a4a4aa83
testing: Added swanctl/ocsp-disabled scenario
2017-01-02 14:34:39 +01:00
db0953d41f
testing: Added swanctl/ocsp-signer-cert scenario
2017-01-02 14:34:18 +01:00
08253bbba3
testing: Convert swanctl scenarios to curve-25519
2016-12-30 16:22:12 +01:00
65797c9faf
Version bump to 5.5.2dr3 and Linux kernel 4.9
2016-12-17 18:10:13 +01:00
470e61ae77
testing: strongTNC does not come with django.db any more
2016-12-17 18:09:20 +01:00
3c1e5ad6ce
testing: Added ikev2/net2net-ed25519 scenario
2016-12-17 18:07:29 +01:00
94ae1ac18e
Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates
2016-12-14 11:15:48 +01:00
011195f1a9
Version bump to 5.5.2dr2
2016-11-14 16:20:51 +01:00
99c03e9a11
testing: make curve25519 the default DH group
2016-11-14 16:20:51 +01:00
4a97999466
Version bump to 5.5.2dr1
2016-10-30 17:34:05 +01:00
e6a4bd83ff
Version bump to 5.5.1
2016-10-20 12:57:00 +02:00
4d77fcbec9
Version bump to 5.5.1rc2
2016-10-18 18:14:57 +02:00
ba6c7a52c0
testing: Renewed expired certificates
2016-10-18 18:13:58 +02:00
d167776ff9
testing: enable MACsec in guest kernel
2016-10-18 16:25:19 +02:00
a617223ed5
Version bump to 5.5.1rc1
2016-10-11 19:21:36 +02:00
85b5a6ace2
Save both base and delta CRLs to disk
2016-10-11 17:18:22 +02:00
2a2669ee3e
vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk
2016-10-11 17:18:22 +02:00
597e057b9e
testing: Remove ikev2/default-keys scenario
...
No default keys are generated anymore.
2016-10-05 12:25:29 +02:00
Andreas Steffen