74ac0c9efd
Version bump to 5.8.0rc1
2019-05-10 12:55:48 +02:00
47879ca638
testing: Use strongswan systemd service
2019-05-10 12:55:09 +02:00
6d8e6ec61b
testing: Load PEM keys in ikev2/net2-net-rsa scenario
2019-05-10 12:54:28 +02:00
c9d898c9f4
testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario
2019-05-10 12:53:33 +02:00
7e0e3ef4e0
keymat_v1: Avoid memory leak during IKE key derivation in some error cases
...
Closes strongswan/strongswan#138 .
2019-05-09 10:07:52 +02:00
78cad110ea
Merge branch 'build-certs'
...
Adds a script to generate the keys and certificates used for regression
tests dynamically. They are built with the pki version installed in the
root image so it's not necessary to have an up-to-date version with all
required plugins installed on the host system.
2019-05-08 14:57:03 +02:00
27f6d37544
testing: Return an error if any command in the certificate build script fails
2019-05-08 14:56:48 +02:00
d3f678c08f
testing: Build certificates before guests after building strongSwan
...
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
2019-05-08 14:56:48 +02:00
287149cbf9
testing: Automatically build guest images after generating certificates
...
This (re-)generates the CRLs on winnetou.
2019-05-08 14:56:48 +02:00
ac66ca25f9
testing: Use custom plugin configuration to build SHA-3 CA
2019-05-08 14:56:48 +02:00
532060c0fa
pki: Plugins to load may be defined via PKI_PLUGINS env variable
2019-05-08 14:56:48 +02:00
21280da9f5
testing: Fix ikev2/net2net-rsa scenario
2019-05-08 14:56:48 +02:00
da8e33f3ca
testing: Add wrapper script to build certificates in root image
...
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
2019-05-08 14:56:48 +02:00
a89ad28b89
testing: Upgrade to Linux 5.1 kernel
2019-05-08 14:56:48 +02:00
df6441a13f
pki: Allow inclusion of [unsupported] critical X.509 extension
2019-05-08 14:56:48 +02:00
b213204b3b
testing: Updated build-certs script
2019-05-08 14:56:48 +02:00
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
2a72056cee
testing: Exclude files that are ignored in Git from the distribution
...
Since the complete hosts and tests directories are part of the tarball
this would include generated certificates and keys.
2019-05-08 14:56:48 +02:00
92c001f766
testing: Remove dynamic keys and certs from repository
2019-05-08 14:56:48 +02:00
00f1d09729
testing: Build data.sql files for SQL test cases
2019-05-08 14:56:48 +02:00
0c924641e6
pki: Add different output options for --keyid
...
Makes machine-processing these identifiers easier.
2019-05-08 14:56:48 +02:00
05275905ef
testing: Build CERT and IPSECKEY RRs for strongswan.org zone
...
Also copy generated keys to DNSSEC test cases.
2019-05-08 14:56:48 +02:00
1e059c837b
testing: Rename public keys in DNSSEC scenarios
...
We will generate PEM-encoded public keys with the script.
2019-05-08 14:56:48 +02:00
326bb5f2c5
testing: Convert keys and certificates for all TKM scenarios
2019-05-08 14:56:48 +02:00
0136852f19
testing: Disable leak detective in build-certs script
2019-05-08 14:56:48 +02:00
8db01c6a3f
testing: Script building fresh certificates
2019-05-08 14:56:48 +02:00
3ee352a691
smp: Use correct printf specifier to print SPIs
2019-05-08 14:48:54 +02:00
e6e4113e9f
fast: Use correct printf specifier to print content length
2019-05-08 14:48:54 +02:00
12e64e5cf4
libimcv: Use proper printf specifier for unsigned issuer and responder IDs
2019-05-08 14:48:54 +02:00
994cff3fac
swima-collector: Use proper type for field precision
2019-05-08 14:48:54 +02:00
a4abb263c9
openssl: Fix build with OpenSSL 1.1.1 without compatibility layer
...
If OpenSSL is built with --api, defines for deprecated functions in
OpenSSL's header files are not visible anymore.
Fixes #3045 .
2019-05-08 14:28:18 +02:00
91dce6e876
travis: Build OpenSSL 1.1.1 without compatibility layer for older versions
...
Configuring 1.1.1 is not actually possible with 1.1.1b, not sure if
that's on purpose.
2019-05-08 14:27:19 +02:00
885c05b0da
travis: Make sure crypto plugins are actually loaded
2019-05-08 14:27:13 +02:00
ba817d2917
starter: Remove IPsec stack detection
...
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels. Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems). And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
2019-05-07 11:13:03 +02:00
c7a0b39bd6
vici: Add Python command wrappers to tarball
...
Fixes: e0f7da8644
2019-05-06 15:51:05 +02:00
c88030807e
pki: Fix memory leaks in --signcrl if signature scheme is not found
...
Fixes: dd4bd21c5a
2019-04-30 10:25:56 +02:00
bc0a01ff2e
testing: Update documentation in headers of all updown scripts
2019-04-29 17:43:04 +02:00
b31bff125c
swanctl: Move documentation of if_id_in/out after all mark-related options
...
Also fix a typo.
2019-04-29 17:38:28 +02:00
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
c546c1ba71
nonce: Allow overriding the RNG quality used to generate nonces
...
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRGBs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
2019-04-29 10:49:35 +02:00
75d9dc40d4
unit-tests: Fix skipping of some ECDSA signature schemes
...
Closes strongswan/strongswan#137 .
2019-04-29 09:56:49 +02:00
23ff10551f
NEWS: Added some news for 5.8.0
2019-04-26 18:54:58 +02:00
6b952f6921
Merge branch 'update-vici-bindings'
...
Updates the command wrappers in all the bindings and simplifies calling
new commands (i.e. not yet wrapped) with the Python and Ruby bindings.
Fixes #3028 .
2019-04-26 10:19:21 +02:00
eefa81120c
vici: Update command wrappers in the Perl bindings
...
Note that load_key() now returns the complete response (to get the key
identifier).
2019-04-26 10:15:48 +02:00
968866afc6
vici: Update some data in the Ruby gemspec
2019-04-26 10:15:48 +02:00
cc2ef8f8a7
vici: Some code style fixes in the Ruby bindings
...
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
2019-04-26 10:15:43 +02:00
1fef01af58
vici: Update command wrappers of the Ruby bindings
...
Also reorder them to match README.md.
2019-04-26 09:35:37 +02:00
3b39444556
vici: Refactor how commands are called in the Ruby bindings
...
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
2019-04-26 09:35:11 +02:00
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
c5113c8105
vici: Add missing command wrappers for Python bindings
...
Also change some for which the return value became relevant.
2019-04-26 09:35:10 +02:00
Andreas Steffen