aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/generate-crl2
-rw-r--r--testing/scripts/recipes/013_strongswan.mk3
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf2
8 files changed, 9 insertions, 5 deletions
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index f064bdb0b..842c3a1b2 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -45,5 +45,5 @@ openssl ca -gencrl -crldays 15 -config /etc/openssl/rfc3779/openssl.cnf -out crl
openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl
cp strongswan_rfc3779.crl ${ROOT}
cd /etc/openssl/bliss
-pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha512 > strongswan_bliss.crl
+pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha3_512 > strongswan_bliss.crl
cp strongswan_bliss.crl ${ROOT}
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 404c6c6bf..7acd3651c 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -98,7 +98,8 @@ CONFIG_OPTS = \
--enable-ntru \
--enable-lookip \
--enable-swanctl \
- --enable-bliss
+ --enable-bliss \
+ --enable-sha3
export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
index f13e47a71..647a47f2f 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
@@ -1,6 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
index ab824c993..c47ca8027 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
index 5f605a43d..e7786040c 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
@@ -1,6 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
index ab824c993..c47ca8027 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
index 2a9b33aae..e5c2bf8b6 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
@@ -1,6 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
+ strictcrlpolicy=yes
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
index ab824c993..c47ca8027 100644
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+ load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-17 02:02:55 +0000