Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | testing: Created ikev2/rw-eap-aka-sql-rsa scenario | Andreas Steffen | 2017-04-26 | 14 | -0/+162 | |
| | | | | This test scenario tests the eap-simaka-sql plugin. | |||||
* | testing: List BLIS certs in swanctl/rw-newhope-bliss scenario | Andreas Steffen | 2017-03-27 | 3 | -3/+3 | |
| | ||||||
* | testing: Updated OCSP certificate for carol | Andreas Steffen | 2017-03-21 | 8 | -444/+168 | |
| | ||||||
* | Allow x25519 as an alias of the curve25519 KE algorithm | Andreas Steffen | 2017-03-20 | 83 | -171/+171 | |
| | ||||||
* | testing: Fix ALLOWED_HOSTS in strongTNC settings.ini | Tobias Brunner | 2017-02-16 | 2 | -2/+2 | |
| | ||||||
* | testing: Fix swanctl/ocsp-disabled scenario after changing the log messages | Tobias Brunner | 2017-02-16 | 1 | -2/+2 | |
| | ||||||
* | testing: Added swanctl/ocsp-disabled scenario | Andreas Steffen | 2017-01-02 | 11 | -0/+264 | |
| | ||||||
* | testing: Added swanctl/ocsp-signer-cert scenario | Andreas Steffen | 2017-01-02 | 11 | -0/+257 | |
| | ||||||
* | testing: Convert swanctl scenarios to curve-25519 | Andreas Steffen | 2016-12-30 | 55 | -101/+101 | |
| | ||||||
* | testing: strongTNC does not come with django.db any more | Andreas Steffen | 2016-12-17 | 2 | -2/+2 | |
| | ||||||
* | testing: Added ikev2/net2net-ed25519 scenario | Andreas Steffen | 2016-12-17 | 17 | -0/+173 | |
| | ||||||
* | Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates | Andreas Steffen | 2016-12-14 | 15 | -0/+218 | |
| | ||||||
* | testing: make curve25519 the default DH group | Andreas Steffen | 2016-11-14 | 819 | -1071/+1049 | |
| | ||||||
* | testing: Renewed expired certificates | Andreas Steffen | 2016-10-18 | 6 | -132/+132 | |
| | ||||||
* | Save both base and delta CRLs to disk | Andreas Steffen | 2016-10-11 | 5 | -9/+58 | |
| | ||||||
* | vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk | Andreas Steffen | 2016-10-11 | 13 | -2/+124 | |
| | ||||||
* | testing: Remove ikev2/default-keys scenario | Tobias Brunner | 2016-10-05 | 10 | -156/+0 | |
| | | | | No default keys are generated anymore. | |||||
* | testing: Enable outbound FWD policies in swanctl/manual-prio scenario | Tobias Brunner | 2016-09-28 | 1 | -5/+6 | |
| | ||||||
* | testing: Added swanctl/net2net-multicast scenario | Andreas Steffen | 2016-09-27 | 9 | -0/+166 | |
| | ||||||
* | testing: Added ikev2/net2net-multicast scenario | Andreas Steffen | 2016-09-27 | 9 | -0/+125 | |
| | ||||||
* | testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa ↵ | Andreas Steffen | 2016-09-22 | 35 | -0/+803 | |
| | | | | scenarios | |||||
* | gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 2 | -4/+4 | |
| | ||||||
* | mgf1: Refactored MGF1 as an XOF | Andreas Steffen | 2016-09-21 | 29 | -29/+30 | |
| | ||||||
* | testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenario | Tobias Brunner | 2016-09-20 | 3 | -3/+3 | |
| | | | | | The soup plugin is already used in the openssl-ikev2/rw-suite-b* scenarios. | |||||
* | testing: Virtual IPs went missing | Andreas Steffen | 2016-08-16 | 5 | -15/+17 | |
| | ||||||
* | testing: Added swanctl/rw-newhope-bliss scenario | Andreas Steffen | 2016-08-10 | 20 | -0/+212 | |
| | ||||||
* | testing: Add chapoly, ntru and newhope plugins to crypto and integrity tests | Andreas Steffen | 2016-08-10 | 3 | -3/+3 | |
| | ||||||
* | testing: Added ikev2/rw-newhope-bliss scenario | Andreas Steffen | 2016-08-10 | 23 | -0/+193 | |
| | ||||||
* | testing: Add ikev1/net2net-esn scenario | Tobias Brunner | 2016-06-29 | 9 | -0/+117 | |
| | ||||||
* | testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls | Tobias Brunner | 2016-06-21 | 1 | -1/+1 | |
| | | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then. | |||||
* | testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario | Tobias Brunner | 2016-06-17 | 2 | -3/+1 | |
| | | | | | | | | | | aacf84d837e7 ("testing: Add expect-connection calls for all tests and hosts") removed the expect-connection call for the non-existing aaa connection. However, because the credentials were loaded asynchronously via start-script the clients might have been connecting when the secrets were not yet loaded. As `swanctl --load-creds` is a synchronous call this change avoids that issue without having to add a sleep or failing expect-connection call. | |||||
* | testing: Use TLS 1.2 in RADIUS test cases | Tobias Brunner | 2016-06-17 | 2 | -0/+6 | |
| | | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently. | |||||
* | testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenario | Tobias Brunner | 2016-06-17 | 1 | -2/+2 | |
| | ||||||
* | testing: Add expect-connection calls for all tests and hosts | Tobias Brunner | 2016-06-16 | 184 | -11/+236 | |
| | | | | There are some exceptions (e.g. those that use auto=start or p2pnat). | |||||
* | testing: Update test scenarios for Debian jessie | Tobias Brunner | 2016-06-16 | 289 | -576/+576 | |
| | | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t. | |||||
* | testing: Fix posttest.dat for ikev2/rw-dnssec scenario | Tobias Brunner | 2016-06-16 | 1 | -6/+6 | |
| | ||||||
* | testing: Update Apache config for newer Debian releases | Tobias Brunner | 2016-06-15 | 4 | -52/+64 | |
| | | | | | | It is still compatible with the current release as the config in sites-available will be ignored, while conf-enabled does not exist and is not included in the main config. | |||||
* | testing: Fix scenarios that check /etc/resolv.conf | Tobias Brunner | 2016-06-13 | 3 | -6/+6 | |
| | ||||||
* | testing: Changed gcrypt-ikev1 scenarios to swanctl | Andreas Steffen | 2016-05-15 | 20 | -126/+148 | |
| | ||||||
* | testing: wait until connections are loaded | Andreas Steffen | 2016-05-15 | 98 | -89/+178 | |
| | ||||||
* | swanctl: Do not display rekey times for shunts | Andreas Steffen | 2016-05-05 | 1 | -0/+1 | |
| | ||||||
* | testing: Use reauthentication and set CHILD_SA rekey time, bytes and packets ↵ | Andreas Steffen | 2016-05-04 | 2 | -0/+8 | |
| | | | | limits | |||||
* | testing: uses xauth_id in swanctl/xauth-rsa scenario | Andreas Steffen | 2016-05-04 | 4 | -6/+8 | |
| | ||||||
* | testing: Use absolute path of imv_policy_manager | Andreas Steffen | 2016-04-26 | 8 | -8/+9 | |
| | ||||||
* | testing: Added swanctl/rw-multi-ciphers-ikev1 scenario | Andreas Steffen | 2016-04-12 | 11 | -0/+238 | |
| | ||||||
* | testing: Added swanctl/manual_prio scenario | Andreas Steffen | 2016-04-09 | 11 | -0/+277 | |
| | ||||||
* | testing: Add swanctl/net2net-gw scenario | Tobias Brunner | 2016-04-09 | 11 | -0/+204 | |
| | ||||||
* | testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵ | Tobias Brunner | 2016-04-06 | 1 | -0/+1 | |
| | | | | scenario | |||||
* | testing: Updated updown scripts in libipsec scenarios to latest version | Tobias Brunner | 2016-03-23 | 11 | -0/+341 | |
| | ||||||
* | Updated swanctl/rw-psk-ikev1 scenario | Andreas Steffen | 2016-03-10 | 5 | -28/+36 | |
| |