aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/ikev2/ocsp-untrusted-cert
Commit message (Collapse)AuthorAgeFilesLines
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-142-2/+2
|
* testing: Add expect-connection calls for all tests and hostsTobias Brunner2016-06-161-0/+1
| | | | There are some exceptions (e.g. those that use auto=start or p2pnat).
* testing: Speed up OCSP scenariosTobias Brunner2015-11-091-1/+1
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-091-1/+1
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* configure: Load fetcher plugins after crypto base pluginsMartin Willi2014-09-242-2/+2
| | | | | | | | | | Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl.
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
|
* revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-311-2/+1
| | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
* Updated comments in test.conf of all testsTobias Brunner2013-01-171-3/+3
|
* Renamed $UMLHOSTS to $VIRTHOSTSTobias Brunner2013-01-171-2/+2
|
* Adapt test configurationsReto Buerki2013-01-171-4/+4
| | | | Adapt test configurations to the new Debian-based system.
* removed plutostart parameterAndreas Steffen2012-06-132-2/+0
|
* load nonce pluginAndreas Steffen2012-05-232-2/+2
|
* upgraded ikev2 scenarios to 5.0.0Andreas Steffen2012-05-111-7/+7
|
* due to a bug fix reverted to the previous RULE_CRL_VALIDATION checkAndreas Steffen2011-09-091-1/+1
|
* adapted evaltest.dat to new RULE_OCSP_VALIDATIONAndreas Steffen2010-09-011-1/+1
|
* Added revocation plugin to ikev2 crl/ocsp test casesMartin Willi2010-07-132-2/+2
|
* Adding socket-default to the plugin list in all test cases.Tobias Brunner2010-03-092-2/+2
|
* tests load pem/pkcs1 plugins, pubkey plugin not needed anymoreMartin Willi2009-08-262-2/+2
|
* merged multi-auth branch back into trunkMartin Willi2009-04-141-1/+1
|
* explicitly load kernel-netlink plugin in UML scenariosAndreas Steffen2008-10-072-2/+2
|
* define plugins to be loaded in strongswan.confAndreas Steffen2008-05-282-0/+10
|
* adapted ikev2 uml scenarios for the 4.2 versionAndreas Steffen2008-04-013-3/+7
|
* removed all nexthop statementsAndreas Steffen2007-06-102-2/+0
|
* enabled crl fetching using crlcheckinterval != 0Andreas Steffen2007-04-054-6/+0
|
* block crl fetchingAndreas Steffen2007-04-052-0/+4
|
* removed killall opensslAndreas Steffen2007-03-151-1/+0
|
* deletedAndreas Steffen2007-03-153-21/+11
|
* addedAndreas Steffen2007-03-148-0/+118
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-25 03:53:16 +0000