testing: Enable mgf1 plugin for scenarios where FreeRADIUS uses PSS signatures

Looks like a cipher suite without DHE was selected previously.

Could be a side-effect of dc1085734f34 ("testing: Remove unnecessary
FreeRADIUS dh_file option as recommended in the log").

diff --git a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index 525b4c1d15a79239f33b3ff9869f20f87f511ae3..c54b57ecfaeaec45b92cf3747dbc4ab004bc6b67 100644 (file)
--- a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
   multiple_authentication=no
 }

diff --git a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index 525b4c1d15a79239f33b3ff9869f20f87f511ae3..c54b57ecfaeaec45b92cf3747dbc4ab004bc6b67 100644 (file)
--- a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
   multiple_authentication=no
 }

diff --git a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 917c3fcefdf7496d80ee48291054790ef83f0b42..ca40a20c187a3dd7c0ae6d1fdcb261f1f3dfd433 100644 (file)
--- a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
   multiple_authentication=no
   syslog {
     daemon {

diff --git a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 917c3fcefdf7496d80ee48291054790ef83f0b42..ca40a20c187a3dd7c0ae6d1fdcb261f1f3dfd433 100644 (file)
--- a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
   multiple_authentication=no
   syslog {
     daemon {

diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index d45398e956c241de23468f7c2ec4cfda3988d682..60cb1bf0f544c2631eb4dd72ebd024a203ac99c4 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
 }

diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index d45398e956c241de23468f7c2ec4cfda3988d682..60cb1bf0f544c2631eb4dd72ebd024a203ac99c4 100644 (file)
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
 }

diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 2ec581bf3a5a527e1a5e3e5c0cdf7fb99ca84d12..f21e179f4fac7e4a5ceb6660fd7808fca1d2dabe 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 }

diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 2ec581bf3a5a527e1a5e3e5c0cdf7fb99ca84d12..f21e179f4fac7e4a5ceb6660fd7808fca1d2dabe 100644 (file)
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 }