ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,694 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

311 Commits

Author SHA1 Message Date
Коренберг Марк d8e4a2a777 identification: Change abbreviation for surname/serialNumber RDNs 
To align with RFC 4519, section 2.31/32, the abbreviation for surname
is changed to "SN" that was previously used for serialNumber, which does
not have an abbreviation.

This mapping had its origins in the X.509 patch for FreeS/WAN that was
started in 2000.  It was aligned with how OpenSSL did this in earlier
versions.  However, there it was changed already in March 2002 (commit
ffbe98b7630d604263cfb1118c67ca2617a8e222) to make it compatible with
RFC 2256 (predecessor of RFC 4519).

Co-authored-by: Tobias Brunner <tobias@strongswan.org>

Closes strongswan/strongswan#179.
 2021-01-18 17:41:37 +01:00
Tobias Brunner 5ef10ec326 testing: Add scenarios that use a CA with two intermediate CA certificates 
Mainly to test TKM's ability for handling multiple CAs and that the
received intermediate CA certificates are passed in the right order.
But also added a regular scenario where two intermediate CA certificates
are sent by one of the clients.
 2021-01-11 15:28:10 +01:00
Tobias Brunner 16fcdb460a charon-tkm: Don't use starter/stroke with charon-tkm anymore 
For the tests, the unused init script that was used before switching to
charon-systemd is repurposed to manage the daemon.
 2021-01-11 15:28:01 +01:00
Tobias Brunner b322539ef5 charon-tkm: Deinitialize IKE tkm-rpc client 
This is necessary if tkm-rpc supports multiple parallel client requests.
 2021-01-08 17:22:37 +01:00
Adrian-Ken Rueegsegger a0a0571bd1 charon-tkm: Reverse cert chain processing order 
Verify certificate chains starting from the root CA certificate and
moving towards the leaf/user certificate.

Also update TKM-RPC and TKM in testing scripts to version supporting the
reworked CC handling.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger 532023dcf1 testing: Use latest TKM RPC library 
Brings some cleanups and minor improvements.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger eccca505aa testing: Use multi-CA aware TKM 
Also add CA ID to tkm_keymanager command.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger d6cf4a165b testing: Add CA ID mappings to TKM tests 
Extend the build-certs-chroot script is to fill in the public key
fingerprint of the CA certificate in the appropriate strongswan.con
files.
 2021-01-08 17:22:36 +01:00
Adrian-Ken Rueegsegger 524751ae76 testing: Switch to https for codelabs recipes 2021-01-08 17:22:36 +01:00
Tobias Brunner fde5374a86 testing: Explicitly encode backing image format in metadata 
Apparently, there is no probing anymore in newer versions of qemu due
to security considerations.
 2021-01-08 11:39:44 +01:00
Tobias Brunner b58740996f testing: Use build-strongswan to implement build-rootimage 2020-11-27 12:05:22 +01:00
Tobias Brunner 88c94063d2 testing: Make building guest images after strongSwan optional 
This is basically only for the build-rootimage use case.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 386e9a96a1 testing: Optionally build strongSwan from a release tarball 
This will allow us to replace the build-rootimage script.
 2020-11-27 12:05:22 +01:00
Tobias Brunner a7d920059e testing: Optionally replace root image when building strongSwan 2020-11-27 12:05:22 +01:00
Tobias Brunner c1dc7c4149 testing: Optionally use a new strongSwan build directory 
This can be useful when building completely different versions for the
first time to avoid issues with build artifacts of previous builds.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 543d09c4b4 testing: Add option to build all software recipes when building strongSwan 
This is like building the root image but using a specific strongSwan
source tree, which is helpful if code changes depend on other software
packages (e.g. TKM-related or testing new crypto libraries).  If the script
is called and the root image does not exist, the new option is enabled
automatically.

The option to build in a specific guest image is now also moved to an
explicit command line option so that the source dir path is the only
remaining positional argument (see --help for details).
 2020-11-27 12:05:22 +01:00
Tobias Brunner edc55f0876 testing: Create root image if it does not exist yet when building strongSwan 
This allows running the script directly after building the base image.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 29c59885ca Use Botan 2.17.1 for tests 2020-11-27 12:05:22 +01:00
Tobias Brunner 1c2f5eea2c testing: Improve building different revisions of Git-recipes 
If we check out and build a certain revision of a dependency in a branch and
switch to another that requires a different revision and then switch back,
the previous approach installed the wrong revision as it would incorrectly
assume the required revision was already built and ready to install.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 60caa4f6c6 testing: Use silent rules to build strongSwan 2020-10-27 16:42:00 +01:00
Tobias Brunner 78015d14ac Use Botan 2.16.0 for tests 2020-10-07 12:38:52 +02:00
Tobias Brunner 64148f046e testing: Fix dependency issue with strongTNC 
Apparently, djangorestframework-camel-case, in the referenced version,
uses `six` but does not itself require/install it (later versions removed
Python 2 support altogether).
 2020-09-04 14:56:58 +02:00
Tobias Brunner 1f97415fe7 testing: Use latest x509-ada release 
This fixes an issue with newer compiler versions where crashes would be
caused if functions of the generated C X.509 parser are not aligned.
 2020-09-03 15:24:37 +02:00
Tobias Brunner fb78b0e533 testing: Add man, valgrind and strace to base image 2020-09-03 13:34:19 +02:00
Tobias Brunner dcd8327933 testing: Install vici Python module manually 
easy_install is not included in Debian's python-setuptools package
anymore, so we install it manually using setup.py.
 2020-09-03 13:34:19 +02:00
Tobias Brunner d9785b36a3 testing: Replace deprecated/removed `pip install --download` command 
It was deprecated for a while and has been replaced by `pip download`.
 2020-09-03 13:34:19 +02:00
Tobias Brunner 94eebc9c2c testing: Use legacy iptables on Debian buster 
The iptables-nft wrapper that uses the nftables framework can't handle
the CLUSTERIP target (plus we'd require nftables in the kernel).
 2020-09-03 13:34:19 +02:00
Tobias Brunner 3d1e2c56df testing: Use pkill to reload rsyslogd config/recreate log files 
The PID location changes with newer Debian releases so it's more
portable this way.
 2020-09-03 13:34:19 +02:00
Tobias Brunner ad7d712cb5 testing: Support build with Debian buster base image 2020-09-03 13:33:32 +02:00
Tobias Brunner 59455137b4 Use Botan 2.15.0 for tests 2020-07-20 16:58:03 +02:00
Tobias Brunner e0b1b12028 Use Botan 2.14.0 for tests 
Requires at least GCC 5.0 to build with `--amalgamation`, so it's
disabled for our Ubuntu 16.04 build.
 2020-04-07 16:37:27 +02:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner b0b928dd0a Use Botan 2.13.0 for tests 2020-01-16 08:30:47 +01:00
Tobias Brunner 91dabace11 testing: Add scenario with hash-and-URL encoding for intermediate CA certificates 2019-11-26 11:12:26 +01:00
Tobias Brunner 9cc24ca39e Use Botan 2.12.1 for tests 2019-10-14 11:43:58 +02:00
Tobias Brunner 0736882678 Use Botan 2.12.0 for tests 2019-10-07 14:31:40 +02:00
Tobias Brunner 17c9972252 Fixed some typos, courtesy of codespell 2019-08-28 14:03:41 +02:00
Tobias Brunner b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
Tobias Brunner de07b77442 Use Botan 2.11.0 for tests 2019-07-02 11:35:21 +02:00
Andreas Steffen c9d898c9f4 testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario 2019-05-10 12:53:33 +02:00
Tobias Brunner 27f6d37544 testing: Return an error if any command in the certificate build script fails 2019-05-08 14:56:48 +02:00
Tobias Brunner d3f678c08f testing: Build certificates before guests after building strongSwan 
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
 2019-05-08 14:56:48 +02:00
Tobias Brunner 287149cbf9 testing: Automatically build guest images after generating certificates 
This (re-)generates the CRLs on winnetou.
 2019-05-08 14:56:48 +02:00
Tobias Brunner ac66ca25f9 testing: Use custom plugin configuration to build SHA-3 CA 2019-05-08 14:56:48 +02:00
Tobias Brunner 21280da9f5 testing: Fix ikev2/net2net-rsa scenario 2019-05-08 14:56:48 +02:00
Tobias Brunner da8e33f3ca testing: Add wrapper script to build certificates in root image 
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
 2019-05-08 14:56:48 +02:00
Andreas Steffen b213204b3b testing: Updated build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen 92c001f766 testing: Remove dynamic keys and certs from repository 2019-05-08 14:56:48 +02:00
Andreas Steffen 00f1d09729 testing: Build data.sql files for SQL test cases 2019-05-08 14:56:48 +02:00
Tobias Brunner 05275905ef testing: Build CERT and IPSECKEY RRs for strongswan.org zone 
Also copy generated keys to DNSSEC test cases.
 2019-05-08 14:56:48 +02:00