Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | testing: Add ikev2/net2net-rekey scenario | Tobias Brunner | 2017-08-07 | 9 | -0/+115 |
| | |||||
* | testing: Fix ikev2/two-certs scenario | Tobias Brunner | 2017-05-26 | 1 | -1/+1 |
| | | | | | | | Since 6a8a44be88b0 the certificate received by the client is verified first, before checking the cached certificates for any with matching identities. So we usually don't have to attempt to verify the signature with wrong certificates first and can avoid this message. | ||||
* | testing: Created ikev2/rw-eap-aka-sql-rsa scenario | Andreas Steffen | 2017-04-26 | 14 | -0/+162 |
| | | | | This test scenario tests the eap-simaka-sql plugin. | ||||
* | testing: Updated OCSP certificate for carol | Andreas Steffen | 2017-03-21 | 4 | -222/+84 |
| | |||||
* | Allow x25519 as an alias of the curve25519 KE algorithm | Andreas Steffen | 2017-03-20 | 18 | -34/+34 |
| | |||||
* | testing: Added ikev2/net2net-ed25519 scenario | Andreas Steffen | 2016-12-17 | 17 | -0/+173 |
| | |||||
* | testing: make curve25519 the default DH group | Andreas Steffen | 2016-11-14 | 433 | -485/+514 |
| | |||||
* | testing: Renewed expired certificates | Andreas Steffen | 2016-10-18 | 6 | -132/+132 |
| | |||||
* | vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk | Andreas Steffen | 2016-10-11 | 4 | -2/+4 |
| | |||||
* | testing: Remove ikev2/default-keys scenario | Tobias Brunner | 2016-10-05 | 10 | -156/+0 |
| | | | | No default keys are generated anymore. | ||||
* | testing: Added ikev2/net2net-multicast scenario | Andreas Steffen | 2016-09-27 | 9 | -0/+125 |
| | |||||
* | gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 2 | -4/+4 |
| | |||||
* | mgf1: Refactored MGF1 as an XOF | Andreas Steffen | 2016-09-21 | 18 | -18/+18 |
| | |||||
* | testing: Add chapoly, ntru and newhope plugins to crypto and integrity tests | Andreas Steffen | 2016-08-10 | 3 | -3/+3 |
| | |||||
* | testing: Added ikev2/rw-newhope-bliss scenario | Andreas Steffen | 2016-08-10 | 23 | -0/+193 |
| | |||||
* | testing: Use TLS 1.2 in RADIUS test cases | Tobias Brunner | 2016-06-17 | 1 | -0/+3 |
| | | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently. | ||||
* | testing: Add expect-connection calls for all tests and hosts | Tobias Brunner | 2016-06-16 | 115 | -6/+138 |
| | | | | There are some exceptions (e.g. those that use auto=start or p2pnat). | ||||
* | testing: Update test scenarios for Debian jessie | Tobias Brunner | 2016-06-16 | 123 | -226/+226 |
| | | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t. | ||||
* | testing: Fix posttest.dat for ikev2/rw-dnssec scenario | Tobias Brunner | 2016-06-16 | 1 | -6/+6 |
| | |||||
* | testing: Fix scenarios that check /etc/resolv.conf | Tobias Brunner | 2016-06-13 | 1 | -2/+2 |
| | |||||
* | testing: wait until connections are loaded | Andreas Steffen | 2016-05-15 | 49 | -52/+97 |
| | |||||
* | testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵ | Tobias Brunner | 2016-04-06 | 1 | -0/+1 |
| | | | | scenario | ||||
* | testing: Add ikev2/reauth-mbb-revoked scenario | Tobias Brunner | 2016-03-10 | 9 | -0/+105 |
| | |||||
* | testing: attr-sql is a charon plugin5.4.0dr8 | Andreas Steffen | 2016-03-05 | 5 | -10/+0 |
| | |||||
* | testing: Add ikev2/redirect-active scenario | Tobias Brunner | 2016-03-04 | 20 | -0/+322 |
| | |||||
* | libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 5 | -5/+5 |
| | |||||
* | testing: Increased ping interval in ikev2/trap-any scenario | Andreas Steffen | 2016-02-16 | 1 | -5/+5 |
| | |||||
* | 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 9 | -18/+18 |
| | |||||
* | testing: Some more timing fixes | Andreas Steffen | 2015-12-01 | 2 | -2/+2 |
| | |||||
* | testing: Error messages of curl plugin have changed5.3.4rc1 | Andreas Steffen | 2015-11-13 | 3 | -4/+4 |
| | |||||
* | testing: Fixed some more timing issues | Andreas Steffen | 2015-11-10 | 2 | -2/+2 |
| | |||||
* | testing: Reduce runtime of all tests that use SQLite databases by storing ↵ | Tobias Brunner | 2015-11-09 | 21 | -21/+35 |
| | | | | them in ramfs | ||||
* | testing: Fix test constraints in ikev2/rw-ntru-bliss scenario | Tobias Brunner | 2015-11-09 | 1 | -4/+4 |
| | | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes"). | ||||
* | testing: Use sha3 plugin in ikev2/rw-cert scenario | Andreas Steffen | 2015-11-09 | 3 | -3/+3 |
| | |||||
* | testing: Speed up OCSP scenarios | Tobias Brunner | 2015-11-09 | 3 | -4/+4 |
| | | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately. | ||||
* | testing: Speed up ifdown calls in ikev2/mobike scenarios | Tobias Brunner | 2015-11-09 | 3 | -1/+13 |
| | | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while. | ||||
* | testing: Avoid delays with ping by using -W and -i options | Tobias Brunner | 2015-11-09 | 13 | -19/+19 |
| | | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply). | ||||
* | testing: Remove nearly all sleep calls from pretest and posttest scripts | Tobias Brunner | 2015-11-09 | 156 | -239/+244 |
| | | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep. | ||||
* | testing: Adapt tests to retransmission settings and reduce DPD delay/timeout | Tobias Brunner | 2015-11-09 | 9 | -19/+15 |
| | |||||
* | testing: BLISS CA uses SHA-3 in its CRL | Andreas Steffen | 2015-11-03 | 6 | -3/+6 |
| | |||||
* | testing: added ikev2/alg-chacha20poly1305 scenario | Andreas Steffen | 2015-09-01 | 9 | -0/+106 |
| | |||||
* | testing: Updated environment variable documentation in updown scripts | Tobias Brunner | 2015-08-31 | 4 | -4/+36 |
| | |||||
* | testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario | Tobias Brunner | 2015-08-21 | 1 | -0/+3 |
| | |||||
* | testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario | Tobias Brunner | 2015-08-21 | 1 | -0/+4 |
| | |||||
* | testing: Print triplets.dat files of clients in EAP-SIM scenarios | Tobias Brunner | 2015-08-21 | 4 | -0/+7 |
| | | | | References #1078. | ||||
* | testing: Add ikev2/trap-any scenario | Tobias Brunner | 2015-08-19 | 17 | -0/+181 |
| | |||||
* | testing: Regenerated BLISS certificates due to oracle changes | Andreas Steffen | 2015-07-27 | 6 | -0/+0 |
| | |||||
* | testing: Updated loop ca certificates | Andreas Steffen | 2015-07-22 | 2 | -17/+17 |
| | |||||
* | testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1 | Andreas Steffen | 2015-04-26 | 28 | -582/+582 |
| | | | | from sales CA | ||||
* | testing: Wait for DH crypto tests to complete | Andreas Steffen | 2015-04-26 | 1 | -1/+1 |
| |