aboutsummaryrefslogtreecommitdiffstats
path: root/testing
Commit message (Collapse)AuthorAgeFilesLines
* Version bump to 5.5.2dr25.5.2dr2Andreas Steffen2016-11-141-2/+2
|
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-14819-1071/+1049
|
* Version bump to 5.5.2dr15.5.2dr1Andreas Steffen2016-10-301-2/+2
|
* Version bump to 5.5.15.5.1Andreas Steffen2016-10-202-2/+3
|
* Version bump to 5.5.1rc25.5.1rc2Andreas Steffen2016-10-181-2/+2
|
* testing: Renewed expired certificatesAndreas Steffen2016-10-1813-140/+221
|
* testing: enable MACsec in guest kernelAndreas Steffen2016-10-181-1/+1
|
* Version bump to 5.5.1rc15.5.1rc1Andreas Steffen2016-10-112-3/+2487
|
* Save both base and delta CRLs to diskAndreas Steffen2016-10-116-9/+64
|
* vici: strongswan.conf cache_crls = yes saves fetched CRLs to diskAndreas Steffen2016-10-1113-2/+124
|
* testing: Remove ikev2/default-keys scenarioTobias Brunner2016-10-0510-156/+0
| | | | No default keys are generated anymore.
* testing: Enable outbound FWD policies in swanctl/manual-prio scenarioTobias Brunner2016-09-281-5/+6
|
* testing: Added swanctl/net2net-multicast scenarioAndreas Steffen2016-09-279-0/+166
|
* testing: Added ikev2/net2net-multicast scenarioAndreas Steffen2016-09-279-0/+125
|
* Version bump to 5.5.1dr55.5.1dr5Andreas Steffen2016-09-221-1/+1
|
* testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa ↵Andreas Steffen2016-09-2246-0/+1139
| | | | scenarios
* gmp: Support of SHA-3 RSA signaturesAndreas Steffen2016-09-223-4/+9
|
* Version bump to 5.5.1dr45.5.1dr4Andreas Steffen2016-09-211-2/+2
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2129-29/+30
|
* testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenarioTobias Brunner2016-09-203-3/+3
| | | | | The soup plugin is already used in the openssl-ikev2/rw-suite-b* scenarios.
* testing: Fix totals if post test checks failTobias Brunner2016-09-201-12/+12
|
* testing: Log leaks and fail tests if any are detectedTobias Brunner2016-09-203-1/+32
|
* testing: Add output of iptables-saveTobias Brunner2016-09-121-1/+11
| | | | | | | | | This might be helpful to get the complete picture of the installed rules. `-c` is currently not used as the counters that are added in front of every rule make the output quite hard to read and the counters are already provided in the accompanying `iptables -v -L` output. Fixes #2111.
* testing: List `nat` and `mangle` tables in addition to the `filter` tableTobias Brunner2016-09-121-3/+6
| | | | | | This is useful in scenarios that e.g. use NAT and/or marks. References #2111.
* testing: Ignore comments (lines starting with #) in pre-/eval-/posttest.datTobias Brunner2016-09-091-3/+3
|
* testing: Try to properly abort a test run after CTRL-CTobias Brunner2016-08-301-0/+15
| | | | | | | | | The run is aborted after the current scenario. Depending on which command was interrupted it might be necessary to press CTRL-C multiple times (e.g. if a later command depends on the interrupted one). This should fix HTML files and get us some proper console output after the run.
* testing: Report number of tests per subdirectory in main indexTobias Brunner2016-08-301-7/+22
|
* testing: Mount and serve testresults from the hostTobias Brunner2016-08-293-10/+8
| | | | | | | | This avoids having to copy testresults, makes results of cancelled runs browsable (runs may actually be followed live) and preserves old results when rebuilding guest images (e.g. when using the build-strongswan script). The number of consecutive test runs without any intermittent rebuild of the guest images is also not limited by the image size anymore.
* testing: Create a symlink to the testresults under a known path when ↵Tobias Brunner2016-08-292-0/+8
| | | | starting the environment
* testing: Serve images in testresults via mod_rewrite and not a symlinkTobias Brunner2016-08-293-1/+4
|
* Version bump to 5.5.1dr25.5.1dr2Andreas Steffen2016-08-261-2/+2
|
* testing: Virtual IPs went missingAndreas Steffen2016-08-165-15/+17
|
* Version bump to 5.5.1dr15.5.1dr1Andreas Steffen2016-08-102-3/+2463
|
* testing: Added swanctl/rw-newhope-bliss scenarioAndreas Steffen2016-08-1020-0/+212
|
* testing: Add chapoly, ntru and newhope plugins to crypto and integrity testsAndreas Steffen2016-08-103-3/+3
|
* testing: Added ikev2/rw-newhope-bliss scenarioAndreas Steffen2016-08-1024-1/+195
|
* Version bump to 5.5.05.5.0Andreas Steffen2016-07-131-1/+1
|
* testing: Remove obsolete openssl-fips recipeTobias Brunner2016-07-041-23/+0
| | | | | | This was only required when we initially started and OpenSSL was built from sources, which was changed with b97dd59ba841 ("install FIPS-aware OpenSSL Debian packages").
* Revert "testing: Only load selected plugins in swanctl"Tobias Brunner2016-07-011-4/+0
| | | | | | | This reverts commit dee01d019ba9743b2784b417155601d10c173a66. Thanks to 505c31870162 ("leak-detective: Try to properly free allocations after deinitialization") this is not required anymore.
* testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0Andreas Steffen2016-06-302-3/+2435
|
* testing: Add ikev1/net2net-esn scenarioTobias Brunner2016-06-299-0/+117
|
* testing: Ignore tests/local directoryTobias Brunner2016-06-291-0/+1
| | | | | This could be used for experimental test scenarios that should not get tracked in the repository.
* testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tlsTobias Brunner2016-06-211-1/+1
| | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then.
* testing: Only load selected plugins in swanctlTobias Brunner2016-06-201-0/+4
| | | | | | | | | The main issue is that the ldap and curl plugins, or rather the libraries they use, initialize GnuTLS (curl, strangely, even when it is, by its own account, linked against OpenSSL). Some of these allocations are only freed once the libraries are unloaded. This means that the leak detective causes invalid frees when swanctl is terminated and libraries are unloaded after the leak detective is already deinitialized.
* testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-172-3/+1
| | | | | | | | | | aacf84d837e7 ("testing: Add expect-connection calls for all tests and hosts") removed the expect-connection call for the non-existing aaa connection. However, because the credentials were loaded asynchronously via start-script the clients might have been connecting when the secrets were not yet loaded. As `swanctl --load-creds` is a synchronous call this change avoids that issue without having to add a sleep or failing expect-connection call.
* testing: Use TLS 1.2 in RADIUS test casesTobias Brunner2016-06-172-0/+6
| | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently.
* testing: Update FreeRADIUS to 2.2.8Tobias Brunner2016-06-172-3/+3
| | | | | | | | | While this is not the latest 2.x release it is the latest in /old. Upgrading to 3.0 might be possible, not sure if the TNC-FHH patches could be easily updated, though. Upgrading to 3.1 will definitely not be possible directly as that version removes the EAP-TNC module. So we'd first have to get rid of the TNC-FHH stuff.
* testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenarioTobias Brunner2016-06-171-2/+2
|
* testing: Build hostapd from sourcesTobias Brunner2016-06-163-1/+78
| | | | | | | | There is a bug (fix at [1]) in hostapd 2.1-2.3 that let it crash when used with the wired driver. The package in jessie (and sid) is affected, so we build it from sources (same, older, version as wpa_supplicant). [1] http://w1.fi/cgit/hostap/commit/?id=e9b783d58c23a7bb50b2f25bce7157f1f3
* testing: Update download URL for wpa_supplicantTobias Brunner2016-06-161-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 14:25:44 +0000