diff options
44 files changed, 219 insertions, 41 deletions
diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..304ef99e0 --- /dev/null +++ b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf index ef63f7262..f1dcd52e9 100644 --- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf index 8dcb265b7..7133aef00 100644 --- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,9 +1,15 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink } pluto { - load = curl aes des sha1 sha2 md5 gmp random pubkey hmac + load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..304ef99e0 --- /dev/null +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..304ef99e0 --- /dev/null +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,14 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 40eb84b8a..de122acff 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 40eb84b8a..de122acff 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 40eb84b8a..de122acff 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf index ce047eba1..16171feb3 100755 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf @@ -23,5 +23,4 @@ conn rw-eap rightsendcert=never rightauth=eap-aka eap_identity=%any - right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf index 8cffbe3b3..5f779d1af 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf @@ -9,15 +9,16 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftnexthop=%direct leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes eap_identity=carol right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf index 08b920afd..11ff84400 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf @@ -12,15 +12,15 @@ conn %default keyexchange=ikev2 conn rw-eap - authby=rsasig - eap=radius - eap_identity=%identity left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org leftcert=moonCert.pem + leftauth=pubkey leftfirewall=yes rightid=*@strongswan.org rightsendcert=never + rightauth=eap-radius + eap_identity=%any right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf index 2af93a313..ba9294f6a 100755 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf @@ -9,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftnexthop=%direct leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf index 825994278..4a885babc 100755 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf @@ -12,14 +12,14 @@ conn %default keyexchange=ikev2 conn rw-eap - authby=rsasig - eap=radius left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org leftcert=moonCert.pem + leftauth=pubkey leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-radius rightsendcert=never right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf index 2af93a313..ba9294f6a 100755 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf @@ -9,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftnexthop=%direct leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf index 7777e914b..28d52b9eb 100755 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf @@ -12,14 +12,14 @@ conn %default keyexchange=ikev2 conn rw-eap - authby=rsasig - eap=md5 left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org leftcert=moonCert.pem + leftauth=pubkey leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-md5 rightsendcert=never right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf index 94186cfa9..d3a99fe41 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf @@ -9,15 +9,16 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftnexthop=%direct leftid=carol@strongswan.org leftfirewall=yes + leftauth=eap eap_identity=228060123456001 right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf index 08b920afd..a86bb3d73 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf @@ -12,15 +12,15 @@ conn %default keyexchange=ikev2 conn rw-eap - authby=rsasig - eap=radius - eap_identity=%identity left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org leftcert=moonCert.pem + leftauth=pubkey leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-radius + eap_identity=%any rightsendcert=never right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf index 2af93a313..ba9294f6a 100755 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf @@ -9,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftnexthop=%direct leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf index 509deb945..53ecb4d70 100755 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf @@ -12,14 +12,14 @@ conn %default keyexchange=ikev2 conn rw-eapsim - authby=rsasig - eap=sim left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org leftcert=moonCert.pem + leftauth=pubkey leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-sim right=%any rightsendcert=never auto=add diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf index ce37764d4..9836736c3 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf index ffe0cc1c2..c4211619b 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf index ce37764d4..9836736c3 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf index 19d63693b..668998653 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf index ffe0cc1c2..c4211619b 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf index 19d63693b..668998653 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf index 0736ee6df..b0b6ff738 100755 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - authby=ecdsasig conn home left=PH_IP_CAROL diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf index ce37764d4..9836736c3 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf index adf26f085..23813b20b 100755 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - authby=ecdsasig conn home left=PH_IP_DAVE diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf index ffe0cc1c2..c4211619b 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf index f85d2635e..f22a4ac4c 100755 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - authby=ecdsasig conn carol also=moon diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf index ce37764d4..9836736c3 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf @@ -3,3 +3,9 @@ pluto { load = openssl pubkey random hmac curl } + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index 1887f7607..e10230384 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,6 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf index 4f6fdc567..c75d6b2a1 100755 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=ecdsasig conn home left=PH_IP_CAROL diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf index 3138458ed..080ce9bce 100755 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=ecdsasig conn home left=PH_IP_DAVE diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf index 892e0c39b..c932101d2 100755 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf @@ -11,7 +11,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=ecdsasig conn rw left=PH_IP_MOON diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index e10230384..195bcf046 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown } + +libstrongswan { + crypto_test { + on_add = yes + } +} + diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index d46082bdd..f4b6dfdb9 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown +} + +libstrongswan { + crypto_test { + required = yes + on_add = yes + } } diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 1887f7607..166e24e7c 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - dh_exponent_ansi_x9_42 = no - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index db6fa7486..2f3bc449a 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf index 29e2395e8..329498d28 100644 --- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf @@ -6,5 +6,11 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf index 29e2395e8..329498d28 100644 --- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf @@ -6,5 +6,11 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql +} + +libstrongswan { + crypto_test { + on_add = yes + } } diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf index 29e2395e8..329498d28 100644 --- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf @@ -6,5 +6,11 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql +} + +libstrongswan { + crypto_test { + on_add = yes + } } |