28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
efefa0c6a1
testing: Added swanctl/shunt-policies-nat-rw
2016-02-28 22:25:50 +01:00
13891e2a4f
testing: Some minor fixes in test scenarios
2016-02-28 22:25:21 +01:00
68c9f0bb80
testing: Added swanctl/protoport-dual scenario
2016-02-28 14:33:48 +01:00
ddf1fc7692
testing: converted af-alg scenarios to swanctl
2016-02-26 13:31:36 +01:00
4625113b1a
testing: Use absolute path to the _updown script in SQL scenarios
...
/usr/local/sbin is not included in PATH set by the charon init script and
since the ipsec script is obsolete when using swanctl it makes sense to
change this anyway.
2016-02-17 12:00:20 +01:00
963b080810
testing: Increased ping interval in ikev2/trap-any scenario
2016-02-16 18:21:19 +01:00
726a45b2f2
Corrected the description of the swanctl/dhcp-dynamic scenario
2016-02-16 18:17:17 +01:00
4d83c5b4a6
Fix of the mutual TNC measurement use case
...
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring a "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
ac134b470a
testing: Added swanctl/dhcp-dynamic scenario
2016-02-03 12:10:59 +01:00
beb4a07ea8
ikev1: Log successful authentication with signature scheme
...
Output is now identical to that of the IKEv2 pubkey authenticator.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
4cfcbe97a4
testing: Don't attempt to start the daemon twice in ha/active-passive scenario
2016-02-01 10:51:12 +01:00
67a38ac6f1
testing: Added swanctl/config-payload scenario
2016-01-14 06:31:28 +01:00
e7b5171e43
testing: Use include statement in swanctl/rw-pubkey-keyid scenario
2016-01-14 01:44:17 +01:00
2aa2b17d41
testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access scenario
2016-01-09 07:23:30 +01:00
b83cef2412
testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec
2016-01-09 07:23:30 +01:00
bffbf2f5fd
testing: Fixed description of swanctl/frags-iv4 scenario
2016-01-09 00:17:31 +01:00
9db530493f
testing: Change sql scenarios to swanctl
2016-01-03 06:28:48 +01:00
1a79525559
testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs
2015-12-21 12:14:12 +01:00
490ba67682
testing: Fixed description in swanctl/rw-ntru-bliss scenario
2015-12-18 15:24:59 +01:00
9463350943
testing: swanctl is enabled by default
2015-12-18 15:22:29 +01:00
76cbf1df34
testing: Added swanctl/rw-ntru-bliss scenario
2015-12-17 17:49:48 +01:00
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
36b6d400d2
testing: swanctl/rw-cert scenario tests password-protected RSA key
2015-12-12 17:12:44 +01:00
4f7f2538c4
Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security
2015-12-12 15:54:48 +01:00
fad851e2d3
Use VICI 2.0 protocol version for certificate queries
2015-12-11 18:26:54 +01:00
6789d79d46
testing: Added swanctl --list-algs output
2015-12-11 18:26:54 +01:00
6aa7703122
testing: Converted tnc scenarios to swanctl
2015-12-11 18:26:54 +01:00
74270c8c86
vici: Don't report memory usage via leak-detective
...
This slowed down the `swanctl --stats` calls in the test scenarios
significantly, with not much added value.
2015-12-11 18:26:53 +01:00
ae37090e65
testing: Use expect-connection in swanctl scenarios
...
Only in net2net-start do we have to use `sleep` to ensure the SA is
up when the tests are running.
2015-12-11 18:26:53 +01:00
b77e25c381
testing: The expect-connection helper may use swanctl to check for connections
...
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
2015-12-11 18:26:53 +01:00
cbc43f1b43
testing: Some more timing fixes
2015-12-01 14:51:23 +01:00
dddb32329c
testing: Updated expired mars.strongswan.org certificate
2015-11-26 09:55:28 +01:00
1c1f713431
testing: Error messages of curl plugin have changed
2015-11-13 14:02:45 +01:00
c4b9b7ef2c
testing: Fixed another timing issue
2015-11-13 14:02:06 +01:00
019c7c2310
testing: Check for leases in swanctl/ip-pool scenario
2015-11-11 08:43:43 +01:00
946bc3a3f5
testing: Fixed some more timing issues
2015-11-10 16:54:38 +01:00
10051b01e9
testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs
2015-11-09 15:18:39 +01:00
3102da20a7
testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNC
2015-11-09 15:18:38 +01:00
e873cb5a28
testing: Add test config to create and remove a directory for DBs stored in ramfs
2015-11-09 15:18:38 +01:00
10fa70ee5c
testing: Improve runtime of TNC tests by storing the SQLite DB in ramfs
...
This saves about 50%-70% of the time needed for scenarios that use a DB.
2015-11-09 15:18:38 +01:00
f24ec20ebb
testing: Fix test constraints in ikev2/rw-ntru-bliss scenario
...
Changed with a88d958933
2015-11-09 15:18:38 +01:00
529357f09a
testing: Use sha3 plugin in ikev2/rw-cert scenario
2015-11-09 15:18:38 +01:00
bcad0f761f
testing: Report the actual strongSwan and kernel versions
2015-11-09 15:18:37 +01:00
5a919312b3
testing: Record strongSwan version when building from tarball
2015-11-09 15:18:37 +01:00
aee35392d1
testing: Record strongSwan version when building from source tree
2015-11-09 15:18:37 +01:00
d4908c06c1
testing: Report time required for all scenarios on test overview page
2015-11-09 15:18:37 +01:00
f7234e5e9f
testing: Remove old SWID tags when building from repository
...
This fixes the TNC-PDP scenarios.
2015-11-09 15:18:36 +01:00
e22a663129
testing: Don't log anything to the console if auth.log or daemon.log do not exist
2015-11-09 15:18:36 +01:00
12f08e07e1
testing: Simplify fetching of swanctl --list-* output
2015-11-09 15:18:36 +01:00
Tobias Brunner