Diffstat (limited to 'testing/tests/tnc/tnccs-20-mutual-pt-tls')
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options6
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf19
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/swantcl/swanctl.conf0
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat2
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf4
10 files changed, 34 insertions, 20 deletions
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 98c415edb..000000000
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-/* configuration is read from /etc/pts/options */
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options
index 79ae1e866..7eea85def 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options
@@ -1,8 +1,8 @@
--connect sun.strongswan.org
--client moon.strongswan.org
---key /etc/ipsec.d/private/moonKey.pem
---cert /etc/ipsec.d/certs/moonCert.pem
---cert /etc/ipsec.d/cacerts/strongswanCert.pem
+--key /etc/swanctl/rsa/moonKey.pem
+--cert /etc/swanctl/x509/moonCert.pem
+--cert /etc/swanctl/x509ca/strongswanCert.pem
--mutual
--quiet
--debug 2
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf
index fafdac4aa..a476878ac 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
pt-tls-client {
- load = x509 openssl pem pkcs1 random nonce revocation curl tnc-tnccs tnc-imc tnc-imv tnccs-20
+ load = random nonce x509 openssl pem pkcs1 revocation curl tnc-tnccs tnc-imc tnc-imv tnccs-20
+}
+
+libtls {
+ suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
}
libimcv {
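Review bot: The added `libtls { suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 }` block pins the PT-TLS client to a single CBC-mode suite without saying why, and the same block is added to sun's strongswan.conf further down. Scenario configs like this one tend to be copied as examples, so the restriction should be marked as test-specific. If the reason is deterministic negotiation, a comment above `suites` would do, such as `# test only: pin one suite so both sides negotiate deterministically; prefer AEAD suites in deployments`. If the pin is instead meant to exercise a particular code path, the comment should name it. The `libimcv` section continues outside this hunk.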
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..28da4d427
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# the PT-TLS client reads its configuration and secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index ba629a24f..000000000
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- charondebug="tnc 2, imc 2, imv 2"
-
-conn pdp
- leftcert=sunCert.pem
- leftid=sun.strongswan.org
- auto=add
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
index 05ffdb178..9e694bc01 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,21 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
+ load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ tnc = 2
+ imc = 2
+ imv = 2
+ }
+ }
plugins {
tnc-pdp {
server = sun.strongswan.org
@@ -16,6 +29,10 @@ charon {
}
}
+libtls {
+ suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+}
+
libimcv {
plugins {
imc-test {
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/swantcl/swanctl.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/swantcl/swanctl.conf
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/swantcl/swanctl.conf
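Review bot: The directory in this new path is spelled `swantcl`, whereas moon's file is added under `hosts/moon/etc/swanctl/`, so this looks like a typo and the file would presumably not end up in /etc/swanctl on sun. The file is empty, so the immediate effect is probably small, but a swanctl.conf left over from an earlier scenario would then not be overwritten on that host. The path should read `testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/swanctl/swanctl.conf`. Unlike moon's file it also carries no explanation; a line such as `# credentials are loaded by the charon start-script (swanctl --load-creds)` would say why it holds no connections.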
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
index e6ccb14fe..d1f83a319 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
@@ -1 +1 @@
-sun::ipsec stop
+sun::service charon stop
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
index 07b17600d..af53e6c9b 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
@@ -1,4 +1,4 @@
-sun::ipsec start
+sun::service charon start
moon::cat /etc/pts/options
-sun::expect-connection pdp
+moon::sleep 1
moon::ipsec pt-tls-client --optionsfrom /etc/pts/options
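Review bot: `moon::sleep 1` replaces the `sun::expect-connection pdp` readiness check with a fixed delay. The client start on the next line therefore assumes that charon on sun has finished its `swanctl --load-creds` start script and opened the PT-TLS listener within one second. On a slow or loaded test host the scenario may then fail for timing reasons rather than because of a real regression in mutual attestation. A readiness check on sun is preferable where the framework offers one. Failing that, the timing assumption should be recorded in the scenario description, e.g. `moon waits one second for charon on sun to load its credentials before connecting`.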
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf
index 55d6e9fd6..5c095cefa 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1