aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNCTobias Brunner2015-11-094-114/+1
|
* testing: Add test config to create and remove a directory for DBs stored in ↵Tobias Brunner2015-11-091-1/+23
| | | | ramfs
* testing: Improve runtime of TNC tests by storing the SQLite DB in ramfsTobias Brunner2015-11-0914-9/+30
| | | | This saves about 50%-70% of the time needed for scenarios that use a DB.
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* mediation: Reschedule initiate mediation job if SA is not yet foundTobias Brunner2015-11-091-0/+4
| | | | | | | | | If the job gets queued for a newly created IKE_SA it might not yet be checked in when the job is running, reschedule the job in that case. This should fix the two p2pnat test scenarios, which occasionally failed because one of the peers did not initiate the connection to the mediation server.
* testing: Report the actual strongSwan and kernel versionsTobias Brunner2015-11-091-0/+6
|
* testing: Record strongSwan version when building from tarballTobias Brunner2015-11-091-0/+1
|
* testing: Record strongSwan version when building from source treeTobias Brunner2015-11-091-0/+11
|
* testing: Report time required for all scenarios on test overview pageTobias Brunner2015-11-091-4/+13
|
* ike-sa-manager: Signal entries that we don't actually check outTobias Brunner2015-11-091-1/+8
| | | | | | | | | In some cases we call wait_for_entry() but don't actually check out the entry afterwards (e.g. because it doesn't match certain criteria). So there won't be a call to checkin() for such entries causing waiting threads to get signaled. Instead, such threads would be blocked until another thread properly checks out/in the entry (or does a blocking enumeration).
* ike-sa-manager: Signal waiting threads after check out/in for uniqueness checkTobias Brunner2015-11-091-0/+3
| | | | Fixes 758b1caa0e75 ("ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs")
* testing: Remove old SWID tags when building from repositoryTobias Brunner2015-11-091-0/+3
| | | | This fixes the TNC-PDP scenarios.
* testing: Don't log anything to the console if auth.log or daemon.log do not ↵Tobias Brunner2015-11-091-2/+2
| | | | exist
* testing: Simplify fetching of swanctl --list-* outputTobias Brunner2015-11-091-20/+8
|
* testing: Don't run redundant crypto tests in sql/rw-cert scenarioTobias Brunner2015-11-091-4/+1
| | | | | They run in all other rw-cert scenarios but in the SQL version there is no change in the loaded crypto plugins.
* testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenariosTobias Brunner2015-11-092-2/+2
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0933-55/+55
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09303-452/+500
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* ikev1: Fix calculation of DPD timeoutTobias Brunner2015-11-091-0/+2
| | | | | A DPD timeout job is queued whenever a DPD is sent, i.e. after the DPD delay already has elapsed, so we have to compensate for that.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-0926-43/+43
|
* ipsec: Quit script quicker for ipsec stopTobias Brunner2015-11-091-2/+2
| | | | | | | It rarely takes 1 second or longer to terminate the daemon. This decreases the runtime of the post test step a lot where `ipsec stop` is called for multiple hosts in each test case (10-15 minutes over all test cases).
* testing: Only send two retransmits after 1 second each to fail negative ↵Tobias Brunner2015-11-091-0/+6
| | | | tests earlier
* testing: Add a base strongswan.conf file used by all hosts in all scenariosTobias Brunner2015-11-092-0/+2
| | | | | | We will use this to set some defaults (e.g. timeouts to make testing negative tests quicker). We don't want these settings to show up in the configs of the actual scenarios though.
* xauth: Call authorize() hook also when xauth-noauth is usedTobias Brunner2015-11-091-2/+8
| | | | Fixes #1138.
* libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()Tobias Brunner2015-11-093-4/+16
|
* plugin-loader: Optionally use RTLD_NOW with dlopen()Tobias Brunner2015-11-092-6/+15
| | | | | | | | | This can be useful when writing custom plugins as typos or missing linker flags that result in unresolved symbols in the shared object could otherwise cause late crashes. In particular, if such a symbol is used in a code path that is rarely executed. During development and testing using RTLD_NOW instead of RTLD_LAZY will prevent the plugin from getting loaded and makes the error visible immediately.
* windows: Define RTLD_NOW, even if it is not usedTobias Brunner2015-11-091-0/+5
|
* kernel-pfkey: Enable ENCR_AES_CTR when it's availableRenato Botelho2015-11-091-1/+3
| | | | | | Obtained-from: pfSense Sponsored-by: Rubicon Communications (Netgate) Closes strongswan/strongswan#17.
* vici: Add NAT information when listing IKE_SAsTobias Brunner2015-11-092-0/+21
| | | | | | | | | | The `nat-local` and `nat-remote` keys contain information on the NAT status of the local and remote IKE endpoints, respectively. If a responder did not detect a NAT but is configured to fake a NAT situation this is indicated by `nat-fake` (if an initiator fakes a NAT situation `nat-local` is set). If any NAT is detected or faked `nat-any` is set. Closes strongswan/strongswan#16.
* Merge branch 'iv-gen-null-encr'Tobias Brunner2015-11-0916-1/+1348
|\ | | | | | | | | | | Fixes NULL encryption in libipsec. Fixes #1174.
| * testing: Add libipsec/net2net-null scenarioTobias Brunner2015-11-0911-0/+1245
| |
| * iv-gen: Use NULL IV generator for NULL encryptionTobias Brunner2015-11-091-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | We don't need an IV for NULL encryption, so we wouldn't technically need an IV generator. But some of the code currently relies on an IV generator to be present. So we don't have to change that code and handle IV size == 0 specially we use the new NULL IV generator, which handles this transparently to the existing code. Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms with an explicit IV generator") iv_gen_rand_t was used for NULL encryption, which would work too but this way it's clearer.
| * crypto: Add NULL IV generatorTobias Brunner2015-11-094-1/+98
|/ | | | | This does not actually allocate an IV and only accepts requests for size == 0.
* configure: Load sha1 and random plugins in manager by defaultTobias Brunner2015-11-091-3/+3
| | | | | | | | | If the openssl plugin is not enabled we need these to generate session IDs and to authenticate the users. The md4 plugin is not needed in the manager. Fixes #1168.
* stroke: Make down-nb actually non-blockingTobias Brunner2015-11-091-31/+40
| | | | Fixes #1191.
* Version bump to 5.3.4dr2Andreas Steffen2015-11-061-1/+1
|
* testing: Updated hasher testsAndreas Steffen2015-11-062-4/+83
|
* Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemesAndreas Steffen2015-11-0612-89/+109
|
* Version bump to 5.3.4dr15.3.4dr1Andreas Steffen2015-11-042-1/+10
|
* Use word-aligned XOR in sha3_absorb()Andreas Steffen2015-11-031-4/+47
|
* testing: BLISS CA uses SHA-3 in its CRLAndreas Steffen2015-11-038-5/+9
|
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-0310-9/+52
|
* Implemented SHA-3 hash algorithm including test vectorsAndreas Steffen2015-11-0310-1/+1034
|
* Defined SHA-3 hashersAndreas Steffen2015-11-033-10/+59
|
* testing: Update tkm to version 0.1.3Tobias Brunner2015-10-301-1/+1
| | | | | | Adds XFRM state/policy flush when terminating which caused tests to fail due to the check added with 9086f060d35a ("testing: Let test scenarios fail if IPsec SAs or policies are not removed").
* libipsec: Properly support CAMELLIA in CTR modeTobias Brunner2015-10-301-0/+1
|
* ikev2: Fix size of key material for CAMELLIA-CTRTobias Brunner2015-10-301-0/+1
| | | | Like AES in CTR mode it includes a 4 byte nonce.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 05:04:03 +0000