Merge tag 'upstream/5.4.0'

Upstream version 5.4.0
author: Yves-Alexis Perez <corsac@debian.org> 2016-03-24 11:59:32 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2016-03-24 11:59:32 +0100
commit: 14275f20dd704bd6c3b97b234940c325db082c83 (patch)
tree: bfa3475c29649e094eaa6e055711e34a9f0a65f9 /testing/hosts
parent: 26962344688a8a9ef6d5da2a8b16e41cf2757a87 (diff)
parent: 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
download: vyos-strongswan-14275f20dd704bd6c3b97b234940c325db082c83.tar.gz
vyos-strongswan-14275f20dd704bd6c3b97b234940c325db082c83.zip
9 files changed, 24 insertions, 15 deletions
diff --git a/testing/hosts/alice/etc/ipsec.d/ipsec.sql b/testing/hosts/alice/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/alice/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/alice/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/bob/etc/ipsec.d/ipsec.sql b/testing/hosts/bob/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/bob/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/bob/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/carol/etc/ipsec.d/ipsec.sql b/testing/hosts/carol/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/carol/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/carol/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/dave/etc/ipsec.d/ipsec.sql b/testing/hosts/dave/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/dave/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/dave/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/default/usr/local/bin/expect-connection b/testing/hosts/default/usr/local/bin/expect-connection
index 10a709255..17e2b7fbe 100755
--- a/testing/hosts/default/usr/local/bin/expect-connection
+++ b/testing/hosts/default/usr/local/bin/expect-connection
@@ -15,10 +15,16 @@ fi
 secs=$2
 [ ! $secs ] && secs=5
 
+cmd="swanctl --list-conns"
+grep 'load.*stroke' /etc/strongswan.conf >/dev/null
+if [ $? -eq 0 ]; then
+	cmd="ipsec statusall"
+fi
+
 let steps=$secs*10
 for i in `seq 1 $steps`
 do
-	ipsec statusall 2>&1 | grep ^[[:space:]]*$1: >/dev/null
+	$cmd 2>&1 | grep ^[[:space:]]*$1: >/dev/null
 	[ $? -eq 0 ] && exit 0
 	sleep 0.1
 done
diff --git a/testing/hosts/moon/etc/ipsec.d/ipsec.sql b/testing/hosts/moon/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/moon/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/moon/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/sun/etc/ipsec.d/ipsec.sql b/testing/hosts/sun/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/sun/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/sun/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/venus/etc/ipsec.d/ipsec.sql b/testing/hosts/venus/etc/ipsec.d/ipsec.sql
index da38e9ab4..c80052d69 100644
--- a/testing/hosts/venus/etc/ipsec.d/ipsec.sql
+++ b/testing/hosts/venus/etc/ipsec.d/ipsec.sql
@@ -1,4 +1,4 @@
 /* strongSwan SQLite database */
 
-/* configuration is read from ipsec.conf   */
-/* credentials are read from ipsec.secrets */
+/* configuration is read from swanctl.conf or ipsec.conf */
+/* credentials  are read from swanctl.conf or ipsec.secrets */
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 842c3a1b2..de3c13dcf 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -24,6 +24,9 @@ openssl crl -in crl.pem -outform der -out strongswan.crl
 cp strongswan.crl     ${ROOT}
 cp strongswanCert.pem ${ROOT}
 cp index.html         ${ROOT}
+# revoke moon's current CERT
+pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --reason key-compromise --cert newcerts/2B.pem --lastcrl strongswan.crl > strongswan_moon_revoked.crl
+cp strongswan_moon_revoked.crl ${ROOT}
 cd /etc/openssl/research
 openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out research.crl
author	Yves-Alexis Perez <corsac@debian.org>	2016-03-24 11:59:32 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2016-03-24 11:59:32 +0100
commit	14275f20dd704bd6c3b97b234940c325db082c83 (patch)
tree	bfa3475c29649e094eaa6e055711e34a9f0a65f9 /testing/hosts
parent	26962344688a8a9ef6d5da2a8b16e41cf2757a87 (diff)
parent	518dd33c94e041db0444c7d1f33da363bb8e3faf (diff)
download	vyos-strongswan-14275f20dd704bd6c3b97b234940c325db082c83.tar.gz vyos-strongswan-14275f20dd704bd6c3b97b234940c325db082c83.zip