aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/ikev2
Commit message (Collapse)AuthorAgeFilesLines
* testing: Add ikev2/net2net-fragmentation scenarioTobias Brunner2014-10-109-0/+116
|
* Updated revoked certificate in ikev2/ocsp-revoked scenarioAndreas Steffen2014-10-052-42/+42
|
* The critical-extension scenarios need the old private keysAndreas Steffen2014-10-052-0/+54
|
* testing: Make sure the whitelist plugin is ready before configuring itTobias Brunner2014-10-031-1/+3
|
* testing: Update PKCS#12 containersTobias Brunner2014-10-032-0/+0
|
* testing: Update PKCS#8 keysTobias Brunner2014-10-033-81/+81
|
* testing: Update public keys in DNSSEC scenariosTobias Brunner2014-10-033-0/+0
| | | | | The tests are successful even if the public keys are not stored locally, but an additional DNS query is required to fetch them.
* testing: Update carols certificate in several test casesTobias Brunner2014-10-032-43/+43
|
* testing: Add some notes about how to reissue attribute certificatesMartin Willi2014-10-033-0/+61
|
* testing: Reissue attribute certificates for the new holder certificatesMartin Willi2014-10-038-72/+72
| | | | | | Due to the expired and reissued holder certificates of carol and dave, new attribute certificates are required to match the holder certificates serial in the ikev2/acert-{cached,fallback,inline} tests.
* configure: Load fetcher plugins after crypto base pluginsMartin Willi2014-09-24321-321/+321
| | | | | | | | | | Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl.
* Generated new test certificatesAndreas Steffen2014-08-282-42/+42
|
* testing: Add pfkey/shunt-policies-nat-rw scenarioTobias Brunner2014-06-261-0/+2
|
* testing: Add ikev2/shunt-policies-nat-rw scenarioTobias Brunner2014-06-1912-0/+171
|
* testing: Remove ikev2/shunt-policies scenarioTobias Brunner2014-06-1910-166/+0
| | | | | This scenario doesn't really apply anymore (especially its use of drop policies).
* Renewed expired user certificateAndreas Steffen2014-04-152-42/+42
|
* testing: Run 'conntrack -F' before all test scenariosTobias Brunner2014-04-0218-27/+4
| | | | This prevents failures due to remaining conntrack entries.
* Test TLS AEAD cipher suitesAndreas Steffen2014-04-017-4/+13
|
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
|
* revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-312-3/+2
| | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
* testing: Add an acert test that forces a fallback connection based on groupsMartin Willi2014-03-3113-0/+199
|
* testing: Add an acert test case sending attribute certificates inlineMartin Willi2014-03-3118-0/+291
|
* testing: Add an acert test using locally cached attribute certificatesMartin Willi2014-03-3116-0/+239
|
* Renewed self-signed OCSP signer certificateAndreas Steffen2014-03-272-28/+28
|
* Check that valid OCSP responses are received in the ikev2/ocsp-multi-level ↵Andreas Steffen2014-03-241-0/+4
| | | | scenario
* Updated expired certificates issued by the Research and Sales Intermediate CAsAndreas Steffen2014-03-244-87/+87
|
* Renewed revoked Research CA certificate5.1.3dr1Andreas Steffen2014-03-221-9/+9
|
* Completed integration of ntru_crypto library into ntru pluginAndreas Steffen2014-03-229-0/+128
|
* Merged libstrongswan options into charon sectionAndreas Steffen2014-03-1520-51/+4
|
* Added ikev2/lookip scenarioAndreas Steffen2014-02-1711-0/+149
|
* testing: Use installed SQL schema instead of local copyTobias Brunner2014-02-125-11/+11
|
* testing: Add ikev2/host2host-transport-nat scenarioTobias Brunner2014-01-239-0/+146
|
* testing: Add ikev2/compress-nat scenarioTobias Brunner2014-01-2312-0/+187
|
* testing: Enable firewall for ikev2/compress scenarioTobias Brunner2014-01-238-7/+14
| | | | | Additionally, send a regular (small) ping as the kernel does not compress small packets and handles those differently inbound.
* Any of the four NTRU parameter sets can be selectedAndreas Steffen2013-11-271-0/+8
|
* Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenariosAndreas Steffen2013-11-2723-0/+284
|
* testing: Add ikev2/net2net-dnscert scenarioTobias Brunner2013-10-1115-0/+224
|
* testing: Add an IKEv2 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
|
* testing: Add an IKEv2 net2net AH test caseMartin Willi2013-10-119-0/+101
|
* testing: Don't load certificates explicitly and delete CA certificates in ↵Tobias Brunner2013-07-153-2/+3
| | | | | | PKCS#12 scenarios Certificates are now properly extracted from PKCS#12 files.
* Added ikev2/net2net-pkcs12 scenarioAndreas Steffen2013-07-1013-0/+116
|
* conntrack -F makes ikev2/nat-rw scenario to work alwaysAndreas Steffen2013-07-101-0/+1
|
* dhcp: Use chunk_hash_static() to calculate ID-based MAC addressesTobias Brunner2013-06-282-4/+4
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-079-13/+13
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-074-6/+6
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* disable reauth, tooAndreas Steffen2013-04-151-1/+2
|
* Added charon.initiator_only option which causes charon to ignore IKE ↵Andreas Steffen2013-04-1411-0/+132
| | | | initiation requests by peers
* Added Framed-IP-Address information to RADIUS accounting recordsAndreas Steffen2013-03-222-0/+2
|
* Added ikev2/rw-eap-framed-ip-radius scenarioAndreas Steffen2013-03-2219-0/+266
|
* Added ikev2/ip-two-pools-v4v6-db scenarioAndreas Steffen2013-03-229-0/+110
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 18:25:07 +0000