Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | testing: Added ikev2/net2net-ed25519 scenario | Andreas Steffen | 2016-12-17 | 17 | -0/+173 | |
| | ||||||
* | Added swanctl/net2net-ed25519 scenario and needed Ed25519 certificates | Andreas Steffen | 2016-12-14 | 28 | -1/+300 | |
| | ||||||
* | Version bump to 5.5.2dr2 | Andreas Steffen | 2016-11-14 | 1 | -2/+2 | |
| | ||||||
* | testing: make curve25519 the default DH group | Andreas Steffen | 2016-11-14 | 819 | -1071/+1049 | |
| | ||||||
* | Version bump to 5.5.2dr1 | Andreas Steffen | 2016-10-30 | 1 | -2/+2 | |
| | ||||||
* | Version bump to 5.5.1 | Andreas Steffen | 2016-10-20 | 2 | -2/+3 | |
| | ||||||
* | Version bump to 5.5.1rc2 | Andreas Steffen | 2016-10-18 | 1 | -2/+2 | |
| | ||||||
* | testing: Renewed expired certificates | Andreas Steffen | 2016-10-18 | 13 | -140/+221 | |
| | ||||||
* | testing: enable MACsec in guest kernel | Andreas Steffen | 2016-10-18 | 1 | -1/+1 | |
| | ||||||
* | Version bump to 5.5.1rc1 | Andreas Steffen | 2016-10-11 | 2 | -3/+2487 | |
| | ||||||
* | Save both base and delta CRLs to disk | Andreas Steffen | 2016-10-11 | 6 | -9/+64 | |
| | ||||||
* | vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk | Andreas Steffen | 2016-10-11 | 13 | -2/+124 | |
| | ||||||
* | testing: Remove ikev2/default-keys scenario | Tobias Brunner | 2016-10-05 | 10 | -156/+0 | |
| | | | | No default keys are generated anymore. | |||||
* | testing: Enable outbound FWD policies in swanctl/manual-prio scenario | Tobias Brunner | 2016-09-28 | 1 | -5/+6 | |
| | ||||||
* | testing: Added swanctl/net2net-multicast scenario | Andreas Steffen | 2016-09-27 | 9 | -0/+166 | |
| | ||||||
* | testing: Added ikev2/net2net-multicast scenario | Andreas Steffen | 2016-09-27 | 9 | -0/+125 | |
| | ||||||
* | Version bump to 5.5.1dr5 | Andreas Steffen | 2016-09-22 | 1 | -1/+1 | |
| | ||||||
* | testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa scenarios | Andreas Steffen | 2016-09-22 | 46 | -0/+1139 | |
| | ||||||
* | gmp: Support of SHA-3 RSA signatures | Andreas Steffen | 2016-09-22 | 3 | -4/+9 | |
| | ||||||
* | Version bump to 5.5.1dr4 | Andreas Steffen | 2016-09-21 | 1 | -2/+2 | |
| | ||||||
* | mgf1: Refactored MGF1 as an XOF | Andreas Steffen | 2016-09-21 | 29 | -29/+30 | |
| | ||||||
* | testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenario | Tobias Brunner | 2016-09-20 | 3 | -3/+3 | |
| | | | | | The soup plugin is already used in the openssl-ikev2/rw-suite-b* scenarios. | |||||
* | testing: Fix totals if post test checks fail | Tobias Brunner | 2016-09-20 | 1 | -12/+12 | |
| | ||||||
* | testing: Log leaks and fail tests if any are detected | Tobias Brunner | 2016-09-20 | 3 | -1/+32 | |
| | ||||||
* | testing: Add output of iptables-save | Tobias Brunner | 2016-09-12 | 1 | -1/+11 | |
| | | | | | | | | | This might be helpful to get the complete picture of the installed rules. `-c` is currently not used as the counters that are added in front of every rule make the output quite hard to read and the counters are already provided in the accompanying `iptables -v -L` output. Fixes #2111. | |||||
* | testing: List `nat` and `mangle` tables in addition to the `filter` table | Tobias Brunner | 2016-09-12 | 1 | -3/+6 | |
| | | | | | | This is useful in scenarios that e.g. use NAT and/or marks. References #2111. | |||||
* | testing: Ignore comments (lines starting with #) in pre-/eval-/posttest.dat | Tobias Brunner | 2016-09-09 | 1 | -3/+3 | |
| | ||||||
* | testing: Try to properly abort a test run after CTRL-C | Tobias Brunner | 2016-08-30 | 1 | -0/+15 | |
| | | | | | | | | | The run is aborted after the current scenario. Depending on which command was interrupted it might be necessary to press CTRL-C multiple times (e.g. if a later command depends on the interrupted one). This should fix HTML files and get us some proper console output after the run. | |||||
* | testing: Report number of tests per subdirectory in main index | Tobias Brunner | 2016-08-30 | 1 | -7/+22 | |
| | ||||||
* | testing: Mount and serve testresults from the host | Tobias Brunner | 2016-08-29 | 3 | -10/+8 | |
| | | | | | | | | This avoids having to copy testresults, makes results of cancelled runs browsable (runs may actually be followed live) and preserves old results when rebuilding guest images (e.g. when using the build-strongswan script). The number of consecutive test runs without any intermittent rebuild of the guest images is also not limited by the image size anymore. | |||||
* | testing: Create a symlink to the testresults under a known path when starting the environment | Tobias Brunner | 2016-08-29 | 2 | -0/+8 | |
| | ||||||
* | testing: Serve images in testresults via mod_rewrite and not a symlink | Tobias Brunner | 2016-08-29 | 3 | -1/+4 | |
| | ||||||
* | Version bump to 5.5.1dr2 | Andreas Steffen | 2016-08-26 | 1 | -2/+2 | |
| | ||||||
* | testing: Virtual IPs went missing | Andreas Steffen | 2016-08-16 | 5 | -15/+17 | |
| | ||||||
* | Version bump to 5.5.1dr1 | Andreas Steffen | 2016-08-10 | 2 | -3/+2463 | |
| | ||||||
* | testing: Added swanctl/rw-newhope-bliss scenario | Andreas Steffen | 2016-08-10 | 20 | -0/+212 | |
| | ||||||
* | testing: Add chapoly, ntru and newhope plugins to crypto and integrity tests | Andreas Steffen | 2016-08-10 | 3 | -3/+3 | |
| | ||||||
* | testing: Added ikev2/rw-newhope-bliss scenario | Andreas Steffen | 2016-08-10 | 24 | -1/+195 | |
| | ||||||
* | Version bump to 5.5.0 | Andreas Steffen | 2016-07-13 | 1 | -1/+1 | |
| | ||||||
* | testing: Remove obsolete openssl-fips recipe | Tobias Brunner | 2016-07-04 | 1 | -23/+0 | |
| | | | | | | This was only required when we initially started and OpenSSL was built from sources, which was changed with b97dd59ba841 ("install FIPS-aware OpenSSL Debian packages"). | |||||
* | Revert "testing: Only load selected plugins in swanctl" | Tobias Brunner | 2016-07-01 | 1 | -4/+0 | |
| | | | | | | | This reverts commit dee01d019ba9743b2784b417155601d10c173a66. Thanks to 505c31870162 ("leak-detective: Try to properly free allocations after deinitialization") this is not required anymore. | |||||
* | testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0 | Andreas Steffen | 2016-06-30 | 2 | -3/+2435 | |
| | ||||||
* | testing: Add ikev1/net2net-esn scenario | Tobias Brunner | 2016-06-29 | 9 | -0/+117 | |
| | ||||||
* | testing: Ignore tests/local directory | Tobias Brunner | 2016-06-29 | 1 | -0/+1 | |
| | | | | | This could be used for experimental test scenarios that should not get tracked in the repository. | |||||
* | testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls | Tobias Brunner | 2016-06-21 | 1 | -1/+1 | |
| | | | | | | | | | | | | | The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario") is not really ideal as now the vici plugin might not yet be ready when `swanctl --load-creds` is called. Perhaps starting charon before Apache causes enough delay. Once we switch to charon-systemd this isn't a problem anymore as starting the unit will block until everything is up and ready. Also, the individual swanctl calls will be redundant as the default service unit calls --load-all. But start scripts do run before charon-systemd signals that the daemon is ready, so using these would work too then. | |||||
* | testing: Only load selected plugins in swanctl | Tobias Brunner | 2016-06-20 | 1 | -0/+4 | |
| | | | | | | | | | The main issue is that the ldap and curl plugins, or rather the libraries they use, initialize GnuTLS (curl, strangely, even when it is, by its own account, linked against OpenSSL). Some of these allocations are only freed once the libraries are unloaded. This means that the leak detective causes invalid frees when swanctl is terminated and libraries are unloaded after the leak detective is already deinitialized. | |||||
* | testing: Fix race in tnc/tnccs-20-pdp-pt-tls scenario | Tobias Brunner | 2016-06-17 | 2 | -3/+1 | |
| | | | | | | | | | | aacf84d837e7 ("testing: Add expect-connection calls for all tests and hosts") removed the expect-connection call for the non-existing aaa connection. However, because the credentials were loaded asynchronously via start-script the clients might have been connecting when the secrets were not yet loaded. As `swanctl --load-creds` is a synchronous call this change avoids that issue without having to add a sleep or failing expect-connection call. | |||||
* | testing: Use TLS 1.2 in RADIUS test cases | Tobias Brunner | 2016-06-17 | 2 | -0/+6 | |
| | | | | | | | | | This took a while as in the OpenSSL package shipped with Debian and on which our FIPS-enabled package is based, the function SSL_export_keying_material(), which is used by FreeRADIUS to derive the MSK, did not use the correct digest to calculate the result when TLS 1.2 was used. This caused IKE to fail with "verification of AUTH payload with EAP MSK failed". The fix was only backported to jessie recently. | |||||
* | testing: Update FreeRADIUS to 2.2.8 | Tobias Brunner | 2016-06-17 | 2 | -3/+3 | |
| | | | | | | | | | While this is not the latest 2.x release it is the latest in /old. Upgrading to 3.0 might be possible, not sure if the TNC-FHH patches could be easily updated, though. Upgrading to 3.1 will definitely not be possible directly as that version removes the EAP-TNC module. So we'd first have to get rid of the TNC-FHH stuff. | |||||
* | testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenario | Tobias Brunner | 2016-06-17 | 1 | -2/+2 | |
| |