| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
| |
This took a while as in the OpenSSL package shipped with Debian and on which
our FIPS-enabled package is based, the function SSL_export_keying_material(),
which is used by FreeRADIUS to derive the MSK, did not use the correct digest
to calculate the result when TLS 1.2 was used. This caused IKE to fail with
"verification of AUTH payload with EAP MSK failed". The fix was only
backported to jessie recently.
| |
There are some exceptions (e.g. those that use auto=start or p2pnat).
| |
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.
tcpdump now also reports port 4500 as ipsec-nat-t.
| |
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
| |
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
| |
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
| |
Adapt test configurations to the new Debian-based system.