Andreas Steffen
74ac0c9efd
Version bump to 5.8.0rc1
2019-05-10 12:55:48 +02:00
Andreas Steffen
47879ca638
testing: Use strongswan systemd service
2019-05-10 12:55:09 +02:00
Andreas Steffen
6d8e6ec61b
testing: Load PEM keys in ikev2/net2-net-rsa scenario
2019-05-10 12:54:28 +02:00
Andreas Steffen
c9d898c9f4
testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario
2019-05-10 12:53:33 +02:00
SophieK
7e0e3ef4e0
keymat_v1: Avoid memory leak during IKE key derivation in some error cases
Closes strongswan/strongswan#138.
2019-05-09 10:07:52 +02:00
Tobias Brunner
78cad110ea
Merge branch 'build-certs'
Adds a script to generate the keys and certificates used for regression
tests dynamically. They are built with the pki version installed in the
root image so it's not necessary to have an up-to-date version with all
required plugins installed on the host system.
2019-05-08 14:57:03 +02:00
Tobias Brunner
27f6d37544
testing: Return an error if any command in the certificate build script fails
2019-05-08 14:56:48 +02:00
Tobias Brunner
d3f678c08f
testing: Build certificates before guests after building strongSwan
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
2019-05-08 14:56:48 +02:00
Tobias Brunner
287149cbf9
testing: Automatically build guest images after generating certificates
This (re-)generates the CRLs on winnetou.
2019-05-08 14:56:48 +02:00
Tobias Brunner
ac66ca25f9
testing: Use custom plugin configuration to build SHA-3 CA
2019-05-08 14:56:48 +02:00
Tobias Brunner
532060c0fa
pki: Plugins to load may be defined via PKI_PLUGINS env variable
2019-05-08 14:56:48 +02:00
Tobias Brunner
21280da9f5
testing: Fix ikev2/net2net-rsa scenario
2019-05-08 14:56:48 +02:00
Tobias Brunner
da8e33f3ca
testing: Add wrapper script to build certificates in root image
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
2019-05-08 14:56:48 +02:00
Andreas Steffen
a89ad28b89
testing: Upgrade to Linux 5.1 kernel
2019-05-08 14:56:48 +02:00
Andreas Steffen
df6441a13f
pki: Allow inclusion of [unsupported] critical X.509 extension
2019-05-08 14:56:48 +02:00
Andreas Steffen
b213204b3b
testing: Updated build-certs script
2019-05-08 14:56:48 +02:00
Andreas Steffen
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
2a72056cee
testing: Exclude files that are ignored in Git from the distribution
Since the complete hosts and tests directories are part of the tarball
this would include generated certificates and keys.
2019-05-08 14:56:48 +02:00
Andreas Steffen
92c001f766
testing: Remove dynamic keys and certs from repository
2019-05-08 14:56:48 +02:00
Andreas Steffen
00f1d09729
testing: Build data.sql files for SQL test cases
2019-05-08 14:56:48 +02:00
Tobias Brunner
0c924641e6
pki: Add different output options for --keyid
Makes machine-processing these identifiers easier.
2019-05-08 14:56:48 +02:00
Tobias Brunner
05275905ef
testing: Build CERT and IPSECKEY RRs for strongswan.org zone
Also copy generated keys to DNSSEC test cases.
2019-05-08 14:56:48 +02:00
Tobias Brunner
1e059c837b
testing: Rename public keys in DNSSEC scenarios
We will generate PEM-encoded public keys with the script.
2019-05-08 14:56:48 +02:00
Tobias Brunner
326bb5f2c5
testing: Convert keys and certificates for all TKM scenarios
2019-05-08 14:56:48 +02:00
Tobias Brunner
0136852f19
testing: Disable leak detective in build-certs script
2019-05-08 14:56:48 +02:00
Andreas Steffen
8db01c6a3f
testing: Script building fresh certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
3ee352a691
smp: Use correct printf specifier to print SPIs
2019-05-08 14:48:54 +02:00
Tobias Brunner
e6e4113e9f
fast: Use correct printf specifier to print content length
2019-05-08 14:48:54 +02:00
Tobias Brunner
12e64e5cf4
libimcv: Use proper printf specifier for unsigned issuer and responder IDs
2019-05-08 14:48:54 +02:00
Tobias Brunner
994cff3fac
swima-collector: Use proper type for field precision
2019-05-08 14:48:54 +02:00
Tobias Brunner
a4abb263c9
openssl: Fix build with OpenSSL 1.1.1 without compatibility layer
If OpenSSL is built with --api, defines for deprecated functions in
OpenSSL's header files are not visible anymore.
Fixes #3045.
2019-05-08 14:28:18 +02:00
Tobias Brunner
91dce6e876
travis: Build OpenSSL 1.1.1 without compatibility layer for older versions
Configuring 1.1.1 is not actually possible with 1.1.1b, not sure if
that's on purpose.
2019-05-08 14:27:19 +02:00
Tobias Brunner
885c05b0da
travis: Make sure crypto plugins are actually loaded
2019-05-08 14:27:13 +02:00
Tobias Brunner
ba817d2917
starter: Remove IPsec stack detection
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels. Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems). And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
2019-05-07 11:13:03 +02:00
Tobias Brunner
c7a0b39bd6
vici: Add Python command wrappers to tarball
Fixes: e0f7da8644 ("vici: Extract command wrappers in Python bindings")
2019-05-06 15:51:05 +02:00
Tobias Brunner
c88030807e
pki: Fix memory leaks in --signcrl if signature scheme is not found
Fixes: dd4bd21c5a ("pki: Query private key for supported signature schemes")
2019-04-30 10:25:56 +02:00
Tobias Brunner
bc0a01ff2e
testing: Update documentation in headers of all updown scripts
2019-04-29 17:43:04 +02:00
Tobias Brunner
b31bff125c
swanctl: Move documentation of if_id_in/out after all mark-related options
Also fix a typo.
2019-04-29 17:38:28 +02:00
Tobias Brunner
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
Tobias Brunner
c546c1ba71
nonce: Allow overriding the RNG quality used to generate nonces
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRBGs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
2019-04-29 10:49:35 +02:00
SophieK
75d9dc40d4
unit-tests: Fix skipping of some ECDSA signature schemes
Closes strongswan/strongswan#137.
2019-04-29 09:56:49 +02:00
Tobias Brunner
23ff10551f
NEWS: Added some news for 5.8.0
2019-04-26 18:54:58 +02:00
Tobias Brunner
6b952f6921
Merge branch 'update-vici-bindings'
Updates the command wrappers in all the bindings and simplifies calling
new commands (i.e. not yet wrapped) with the Python and Ruby bindings.
Fixes #3028.
2019-04-26 10:19:21 +02:00
Tobias Brunner
eefa81120c
vici: Update command wrappers in the Perl bindings
Note that load_key() now returns the complete response (to get the key
identifier).
2019-04-26 10:15:48 +02:00
Tobias Brunner
968866afc6
vici: Update some data in the Ruby gemspec
2019-04-26 10:15:48 +02:00
Tobias Brunner
cc2ef8f8a7
vici: Some code style fixes in the Ruby bindings
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
2019-04-26 10:15:43 +02:00
Tobias Brunner
1fef01af58
vici: Update command wrappers of the Ruby bindings
Also reorder them to match README.md.
2019-04-26 09:35:37 +02:00
Tobias Brunner
3b39444556
vici: Refactor how commands are called in the Ruby bindings
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
2019-04-26 09:35:11 +02:00
Tobias Brunner
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
Tobias Brunner
c5113c8105
vici: Add missing command wrappers for Python bindings
Also change some for which the return value became relevant.
2019-04-26 09:35:10 +02:00