aboutsummaryrefslogtreecommitdiffstats
path: root/testing
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Increased ping interval in ikev2/trap-any scenarioAndreas Steffen2016-02-161-5/+5
|
* Corrected the description of the swanctl/dhcp-dynamic scenarioAndreas Steffen2016-02-161-1/+1
|
* Fix of the mutual TNC measurement use caseAndreas Steffen2016-02-1615-8/+214
| | | | | | | | | | | | | | | | | If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches is continued until the IKEv2 responder acting as a TNC server has also finished its TNC measurements. In the past if these measurements in the other direction were correct the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication successful and the IPsec connection was established even though the TNC measurement verification on the EAP peer side failed. The fix adds an "allow" group membership on each endpoint if the corresponding TNC measurements of the peer are successful. By requiring a "allow" group membership in the IKEv2 connection definition the IPsec connection succeeds only if the TNC measurements on both sides are valid.
* testing: Added swanctl/dhcp-dynamic scenarioAndreas Steffen2016-02-0315-0/+279
|
* ikev1: Log successful authentication with signature schemeThomas Egerer2016-02-013-6/+6
| | | | | | Output is now identical to that of the IKEv2 pubkey authenticator. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* testing: Don't attempt to start the daemon twice in ha/active-passive scenarioTobias Brunner2016-02-011-1/+0
|
* testing: Added swanctl/config-payload scenarioAndreas Steffen2016-01-1412-0/+219
|
* testing: Use include statement in swanctl/rw-pubkey-keyid scenarioAndreas Steffen2016-01-143-30/+19
|
* testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access ↵Andreas Steffen2016-01-0920-0/+297
| | | | scenario
* testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssecAndreas Steffen2016-01-0955-0/+824
|
* testing: Fixed description of swanctl/frags-iv4 scenarioAndreas Steffen2016-01-091-4/+4
|
* testing: Change sql scenarios to swanctlAndreas Steffen2016-01-03180-398/+454
|
* testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAsTobias Brunner2015-12-214-8/+8
|
* testing: Fixed description in swanctl/rw-ntru-bliss scenarioAndreas Steffen2015-12-181-1/+1
|
* testing: swanctl is enabled by defaultAndreas Steffen2015-12-181-1/+0
|
* testing: Added swanctl/rw-ntru-bliss scenarioAndreas Steffen2015-12-1720-0/+214
|
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-1430-64/+64
|
* testing: swanctl/rw-cert scenario tests password-protected RSA keyAndreas Steffen2015-12-122-0/+38
|
* Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit ↵Andreas Steffen2015-12-1246-237/+83
| | | | security
* Use VICI 2.0 protocol version for certificate queriesAndreas Steffen2015-12-111-5/+5
|
* testing: Added swanctl --list-algs outputAndreas Steffen2015-12-111-2/+5
|
* testing: Converted tnc scenarios to swanctlAndreas Steffen2015-12-11386-2383/+5091
|
* vici: Don't report memory usage via leak-detectiveTobias Brunner2015-12-111-1/+0
| | | | | This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value.
* testing: Use expect-connection in swanctl scenariosTobias Brunner2015-12-1113-15/+37
| | | | | Only in net2net-start do we have to use `sleep` to ensure the SA is up when the tests are running.
* testing: The expect-connection helper may use swanctl to check for connectionsTobias Brunner2015-12-111-1/+7
| | | | | | Depending on the plugin configuration in the test scenario either `ipsec statusall` or `swanctl --list-conns` is used to check for a named connection.
* testing: Some more timing fixesAndreas Steffen2015-12-012-2/+2
|
* testing: Updated expired mars.strongswan.org certificateAndreas Steffen2015-11-2613-168/+195
|
* testing: Error messages of curl plugin have changed5.3.4rc1Andreas Steffen2015-11-133-4/+4
|
* testing: Fixed another timing issueAndreas Steffen2015-11-131-1/+1
|
* testing: Check for leases in swanctl/ip-pool scenarioAndreas Steffen2015-11-111-0/+2
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-1010-8/+10
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-09161-312/+319
| | | | them in ramfs
* testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNCTobias Brunner2015-11-094-114/+1
|
* testing: Add test config to create and remove a directory for DBs stored in ↵Tobias Brunner2015-11-091-1/+23
| | | | ramfs
* testing: Improve runtime of TNC tests by storing the SQLite DB in ramfsTobias Brunner2015-11-0914-9/+30
| | | | This saves about 50%-70% of the time needed for scenarios that use a DB.
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* testing: Report the actual strongSwan and kernel versionsTobias Brunner2015-11-091-0/+6
|
* testing: Record strongSwan version when building from tarballTobias Brunner2015-11-091-0/+1
|
* testing: Record strongSwan version when building from source treeTobias Brunner2015-11-091-0/+11
|
* testing: Report time required for all scenarios on test overview pageTobias Brunner2015-11-091-4/+13
|
* testing: Remove old SWID tags when building from repositoryTobias Brunner2015-11-091-0/+3
| | | | This fixes the TNC-PDP scenarios.
* testing: Don't log anything to the console if auth.log or daemon.log do not ↵Tobias Brunner2015-11-091-2/+2
| | | | exist
* testing: Simplify fetching of swanctl --list-* outputTobias Brunner2015-11-091-20/+8
|
* testing: Don't run redundant crypto tests in sql/rw-cert scenarioTobias Brunner2015-11-091-4/+1
| | | | | They run in all other rw-cert scenarios but in the SQL version there is no change in the loaded crypto plugins.
* testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenariosTobias Brunner2015-11-092-2/+2
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0933-55/+55
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09303-452/+500
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 22:35:57 +0000