aboutsummaryrefslogtreecommitdiffstats
path: root/testing
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Reissue attribute certificates for the new holder certificatesMartin Willi2014-10-038-72/+72
| | | | | | Due to the expired and reissued holder certificates of carol and dave, new attribute certificates are required to match the holder certificates serial in the ikev2/acert-{cached,fallback,inline} tests.
* configure: Load fetcher plugins after crypto base pluginsMartin Willi2014-09-24669-681/+676
| | | | | | | | | | Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl.
* testing: Use multiple jobs to install strongSwanTobias Brunner2014-09-191-1/+1
|
* testing: Add a script to build the current (or an arbitrary) source treeTobias Brunner2014-09-191-0/+65
| | | | | | | | | | | | | | This allows to (relatively) quickly (re-)build and install the current or an arbitrary strongSwan source tree within the root image. bindfs is used to bind mount the source directory using the regular user and group (only works if sudo is used to run the script) so that newly created files are not owned by root. As with building the root image in general the guests must not be running while executing this script. The guest images are automatically rebuilt after the root image has been updated so configuration files and other modifications in guests will be lost.
* testing: Add packages to rebuild strongSwan from the repositoryTobias Brunner2014-09-191-1/+2
|
* testing: Make strongSwan build recipe more configurableTobias Brunner2014-09-191-4/+13
|
* testing: Update certs and keys in tkm testsReto Buerki2014-09-176-0/+0
| | | | References #705.
* testing: Update x509-ada version to 0.1.1Reto Buerki2014-09-171-1/+1
| | | | Fixes #705.
* Generated new test certificatesAndreas Steffen2014-08-2876-351/+542
|
* testing: Make sure the kernel exists when startingTobias Brunner2014-08-251-0/+1
|
* Updated URL to swidGenerator in recipe5.2.0Andreas Steffen2014-07-091-1/+1
|
* Update KVM test framework to 3.15 guest kernel5.2.0rc1Andreas Steffen2014-06-272-3/+2086
|
* testing: Add sql/shunt-policies-nat-rw scenarioTobias Brunner2014-06-2618-0/+740
|
* testing: Add pfkey/shunt-policies-nat-rw scenarioTobias Brunner2014-06-2613-0/+175
|
* testing: Remove obsolete shunt-policies scenariosTobias Brunner2014-06-2624-688/+0
|
* Updated description of TNC scenarios concerning RFC 7171 PT-EAP supportAndreas Steffen2014-06-266-24/+30
|
* Removed django.db from swid scenariosAndreas Steffen2014-06-262-0/+0
|
* testing: Add ikev2/shunt-policies-nat-rw scenarioTobias Brunner2014-06-1912-0/+171
|
* testing: Remove ikev2/shunt-policies scenarioTobias Brunner2014-06-1910-166/+0
| | | | | This scenario doesn't really apply anymore (especially its use of drop policies).
* Added swanctl/net2net-route scenarioAndreas Steffen2014-06-189-0/+145
|
* Added swanctl/net2net-start scenarioAndreas Steffen2014-06-189-0/+140
|
* Minor changes in swanctl scenariosAndreas Steffen2014-06-187-5/+8
|
* Added swanctl --list-pols and swanctl --stats do scenario logAndreas Steffen2014-06-181-3/+12
|
* testing: Delete accidentally committed test casesTobias Brunner2014-06-1857-920/+0
|
* Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenariosAndreas Steffen2014-06-1422-0/+441
|
* Single-line --raw mode simplifies evaltest of swanctl scenariosAndreas Steffen2014-06-145-92/+16
|
* Added swanctl/ip-pool-db scenarioAndreas Steffen2014-06-1111-0/+246
|
* Updated strongTNC configurationAndreas Steffen2014-06-118-12/+15
|
* Added swanctl/ip-pool scenarioAndreas Steffen2014-06-1011-0/+231
|
* Added swanctl/rw-cert scenarioAndreas Steffen2014-06-1011-0/+216
|
* Define default swanctl credentials in hosts directoryAndreas Steffen2014-06-1030-4/+383
|
* testing: Cache packages downloaded with pip for strongTNCTobias Brunner2014-06-021-2/+7
| | | | This way no network connections is required to rebuild the root/guest images.
* First swanctl scenario5.2.0dr5Andreas Steffen2014-06-0117-14/+515
|
* Test SWID REST API ins tnc/tnccs-20-pdp scenariosAndreas Steffen2014-05-3183-73/+1113
|
* Migration from Debian 7.4 to 7.5Andreas Steffen2014-05-3111-18/+18
|
* Minor changes in the test environment5.2.0dr4Andreas Steffen2014-05-153-1/+11
|
* Implemented PT-EAP protocol (RFC 7171)Andreas Steffen2014-05-1246-156/+163
|
* testing: Added pfkey/compress test caseTobias Brunner2014-04-249-0/+100
|
* Handle tag separatorsAndreas Steffen2014-04-151-1/+1
|
* Renewed expired user certificateAndreas Steffen2014-04-157-49/+75
|
* Updated SWID scenariosAndreas Steffen2014-04-156-4/+18
|
* Implemented segmented SWID tag attributes on IMV sideAndreas Steffen2014-04-1554-36/+101
|
* Use python-based swidGenerator to generated SWID tagsAndreas Steffen2014-04-1516-21/+46
|
* Make Attestation IMV independent of OS IMVAndreas Steffen2014-04-1521-11/+310
|
* Fixed pretest script in tnc/tnccs-20-pt-tls scenarioAndreas Steffen2014-04-041-1/+1
|
* testing: Run 'conntrack -F' before all test scenariosTobias Brunner2014-04-0228-41/+14
| | | | This prevents failures due to remaining conntrack entries.
* Test TLS AEAD cipher suitesAndreas Steffen2014-04-0110-10/+17
|
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
|
* revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-312-3/+2
| | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally.
* testing: Add an acert test that forces a fallback connection based on groupsMartin Willi2014-03-3113-0/+199
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 03:21:36 +0000