Imported Upstream version 5.4.0

author: Yves-Alexis Perez <corsac@debian.org> 2016-03-24 11:59:32 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2016-03-24 11:59:32 +0100
commit: 518dd33c94e041db0444c7d1f33da363bb8e3faf (patch)
tree: e8d1665ffadff7ec40228dda47e81f8f4691cd07 /testing/hosts
parent: f42f239a632306ed082f6fde878977248eea85cf (diff)
download: vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.tar.gz
vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.zip
9 files changed, 24 insertions, 15 deletions
diff --git a/testing/hosts/alice/etc/ipsec.d/ipsec.sql b/testing/hosts/alice/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/alice/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/alice/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/bob/etc/ipsec.d/ipsec.sql b/testing/hosts/bob/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/bob/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/bob/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/carol/etc/ipsec.d/ipsec.sql b/testing/hosts/carol/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/carol/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/carol/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/dave/etc/ipsec.d/ipsec.sql b/testing/hosts/dave/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/dave/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/dave/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/default/usr/local/bin/expect-connection b/testing/hosts/default/usr/local/bin/expect-connection
index 10a709255..17e2b7fbe 100755
--- a/testing/hosts/default/usr/local/bin/expect-connection
+++ b/testing/hosts/default/usr/local/bin/expect-connection
@@ -15,10 +15,16 @@ fi
 secs=$2
 [ ! $secs ] && secs=5
 
+cmd="swanctl --list-conns"
+grep 'load.*stroke' /etc/strongswan.conf >/dev/null
+if [ $? -eq 0 ]; then
+	cmd="ipsec statusall"
+fi
+
 let steps=$secs*10
 for i in `seq 1 $steps`
 do
-	ipsec statusall 2>&1 | grep ^[[:space:]]*$1: >/dev/null
+	$cmd 2>&1 | grep ^[[:space:]]*$1: >/dev/null
 	[ $? -eq 0 ] && exit 0
 	sleep 0.1
 done
diff --git a/testing/hosts/moon/etc/ipsec.d/ipsec.sql b/testing/hosts/moon/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/moon/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/moon/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/sun/etc/ipsec.d/ipsec.sql b/testing/hosts/sun/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/sun/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/sun/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/venus/etc/ipsec.d/ipsec.sql b/testing/hosts/venus/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/venus/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/venus/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 842c3a1b2..de3c13dcf 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl
 cp strongswan.crl     ${ROOT}
 cp strongswanCert.pem ${ROOT}
 cp index.html         ${ROOT}
+# revoke moon's current CERT
+pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl
+cp strongswan_moon_revoked.crl ${ROOT}
 cd /etc/openssl/research
 openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out research.crl
author	Yves-Alexis Perez <corsac@debian.org>	2016-03-24 11:59:32 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2016-03-24 11:59:32 +0100
commit	518dd33c94e041db0444c7d1f33da363bb8e3faf (patch)
tree	e8d1665ffadff7ec40228dda47e81f8f4691cd07 /testing/hosts
parent	f42f239a632306ed082f6fde878977248eea85cf (diff)
download	vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.tar.gz vyos-strongswan-518dd33c94e041db0444c7d1f33da363bb8e3faf.zip