aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/ikev2
Commit message (Collapse)AuthorAgeFilesLines
* testing: Add ikev2/net2net-rekey scenarioTobias Brunner2017-08-079-0/+115
|
* testing: Fix ikev2/two-certs scenarioTobias Brunner2017-05-261-1/+1
| | | | | | | Since 6a8a44be88b0 the certificate received by the client is verified first, before checking the cached certificates for any with matching identities. So we usually don't have to attempt to verify the signature with wrong certificates first and can avoid this message.
* testing: Created ikev2/rw-eap-aka-sql-rsa scenarioAndreas Steffen2017-04-2614-0/+162
| | | | This test scenario tests the eap-simaka-sql plugin.
* testing: Updated OCSP certificate for carolAndreas Steffen2017-03-214-222/+84
|
* Allow x25519 as an alias of the curve25519 KE algorithmAndreas Steffen2017-03-2018-34/+34
|
* testing: Added ikev2/net2net-ed25519 scenarioAndreas Steffen2016-12-1717-0/+173
|
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-14433-485/+514
|
* testing: Renewed expired certificatesAndreas Steffen2016-10-186-132/+132
|
* vici: strongswan.conf cache_crls = yes saves fetched CRLs to diskAndreas Steffen2016-10-114-2/+4
|
* testing: Remove ikev2/default-keys scenarioTobias Brunner2016-10-0510-156/+0
| | | | No default keys are generated anymore.
* testing: Added ikev2/net2net-multicast scenarioAndreas Steffen2016-09-279-0/+125
|
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-222-4/+4
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2118-18/+18
|
* testing: Add chapoly, ntru and newhope plugins to crypto and integrity testsAndreas Steffen2016-08-103-3/+3
|
* testing: Added ikev2/rw-newhope-bliss scenarioAndreas Steffen2016-08-1023-0/+193
|
* testing: Use TLS 1.2 in RADIUS test casesTobias Brunner2016-06-171-0/+3
| | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
* testing: Add expect-connection calls for all tests and hostsTobias Brunner2016-06-16115-6/+138
| | | | There are some exceptions (e.g. those that use auto=start or p2pnat).
* testing: Update test scenarios for Debian jessieTobias Brunner2016-06-16123-226/+226
| | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.
* testing: Fix posttest.dat for ikev2/rw-dnssec scenarioTobias Brunner2016-06-161-6/+6
|
* testing: Fix scenarios that check /etc/resolv.confTobias Brunner2016-06-131-2/+2
|
* testing: wait until connections are loadedAndreas Steffen2016-05-1549-52/+97
|
* testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵Tobias Brunner2016-04-061-0/+1
| | | | scenario
* testing: Add ikev2/reauth-mbb-revoked scenarioTobias Brunner2016-03-109-0/+105
|
* testing: attr-sql is a charon plugin5.4.0dr8Andreas Steffen2016-03-055-10/+0
|
* testing: Add ikev2/redirect-active scenarioTobias Brunner2016-03-0420-0/+322
|
* libhydra: Remove empty unused libraryTobias Brunner2016-03-035-5/+5
|
* testing: Increased ping interval in ikev2/trap-any scenarioAndreas Steffen2016-02-161-5/+5
|
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-149-18/+18
|
* testing: Some more timing fixesAndreas Steffen2015-12-012-2/+2
|
* testing: Error messages of curl plugin have changed5.3.4rc1Andreas Steffen2015-11-133-4/+4
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-102-2/+2
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-0921-21/+35
| | | | them in ramfs
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0913-19/+19
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09156-239/+244
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-099-19/+15
|
* testing: BLISS CA uses SHA-3 in its CRLAndreas Steffen2015-11-036-3/+6
|
* testing: added ikev2/alg-chacha20poly1305 scenarioAndreas Steffen2015-09-019-0/+106
|
* testing: Updated environment variable documentation in updown scriptsTobias Brunner2015-08-314-4/+36
|
* testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+3
|
* testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+4
|
* testing: Print triplets.dat files of clients in EAP-SIM scenariosTobias Brunner2015-08-214-0/+7
| | | | References #1078.
* testing: Add ikev2/trap-any scenarioTobias Brunner2015-08-1917-0/+181
|
* testing: Regenerated BLISS certificates due to oracle changesAndreas Steffen2015-07-276-0/+0
|
* testing: Updated loop ca certificatesAndreas Steffen2015-07-222-17/+17
|
* testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1Andreas Steffen2015-04-2628-582/+582
| | | | from sales CA
* testing: Wait for DH crypto tests to completeAndreas Steffen2015-04-261-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 20:19:06 +0000