From: Andreas Steffen Date: Sat, 15 Mar 2014 13:07:02 +0000 (+0100) Subject: Merged libstrongswan options into charon section X-Git-Tag: 5.1.3dr1~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c683b389ba7f9c1430a43105c27925a2cfe3dcb9;p=thirdparty%2Fstrongswan.git Merged libstrongswan options into charon section --- diff --git a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf index e27685447e..2d08b38bc7 100644 --- a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 af-alg gmp random nonce x509 revocation ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf index 3ddd02fe7c..037d4348d0 100644 --- a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { required = yes diff --git a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf index e27685447e..2d08b38bc7 100644 --- a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 af-alg gmp random nonce x509 revocation ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf index 969a5f5aa5..1dcaed4a35 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf @@ -3,8 +3,6 @@ charon { load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf index 969a5f5aa5..1dcaed4a35 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf @@ -3,8 +3,6 @@ charon { load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf index 969a5f5aa5..1dcaed4a35 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf @@ -3,8 +3,6 @@ charon { load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf index 969a5f5aa5..1dcaed4a35 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf @@ -3,8 +3,6 @@ charon { load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 671d973426..2b4da74953 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 3ddd02fe7c..037d4348d0 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { required = yes diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 671d973426..2b4da74953 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf index 9caf4fa372..8cc4192c66 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/moon/etc/strongswan.conf @@ -4,8 +4,5 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 -} - -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf index 9caf4fa372..8cc4192c66 100644 --- a/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-fragmentation/hosts/sun/etc/strongswan.conf @@ -4,8 +4,5 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown fragment_size = 1024 -} - -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index f4fd948fd1..4de997a663 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no send_vendor_id = yes -} -libstrongswan { plugins { ntru { parameter_set = optimum diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf index 238ec24b74..2486425309 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf index 238ec24b74..2486425309 100644 --- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf index c032d82915..eb8b1400a1 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf index c032d82915..eb8b1400a1 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf index c032d82915..eb8b1400a1 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf index 14e0614089..38bfed0703 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default unity + cisco_unity = yes -} - -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf index cbc51d38ca..dbf1bee46d 100644 --- a/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf @@ -2,14 +2,13 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity + cisco_unity = yes + dh_exponent_ansi_x9_42 = no + plugins { attr { split-exclude = 192.168.0.0/24 } } } - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf index 8822cae64b..0792a3f52f 100644 --- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no integrity_test = yes + crypto_test { on_add = yes } diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf index 8822cae64b..0792a3f52f 100644 --- a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no integrity_test = yes + crypto_test { on_add = yes } diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf index 8822cae64b..0792a3f52f 100644 --- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no integrity_test = yes + crypto_test { on_add = yes } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf index 1fb5d14b1d..c08fab86e5 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf index 1fb5d14b1d..66054d0f92 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown -} - -libstrongswan { + dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf index 422538cec6..02e7618d31 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf @@ -2,10 +2,8 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown + dns1 = 192.168.0.150 dns2 = 10.1.0.20 -} - -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf index 61260f8916..f65197befc 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf index 61260f8916..f65197befc 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf index 61260f8916..f65197befc 100644 --- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf index e2e2164ae7..ba37a47cf9 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -2,6 +2,9 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown + + dh_exponent_ansi_x9_42 = no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf index 77266cfa05..7114a3fe45 100644 --- a/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf @@ -2,6 +2,9 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius updown + + dh_exponent_ansi_x9_42 = no + plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf index 5cd9bf11e5..ca3372f7d4 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf index c393b298ae..2ba42b67ce 100644 --- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf @@ -2,10 +2,9 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown - multiple_authentication = no -} -libstrongswan { + multiple_authentication = no + x509 { enforce_critical = no } diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf index 8e685c862a..1e3d118194 100644 --- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf @@ -2,5 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + multiple_authentication = no } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf index bad10ca430..73bbf6805f 100644 --- a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} -libstrongswan { dh_exponent_ansi_x9_42 = no } diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf index e9c79b3330..d5ac379377 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf @@ -7,11 +7,6 @@ charon { dnscert { enable = yes } - } -} - -libstrongswan { - plugins { unbound { # trust_anchors = /etc/ipsec.d/dnssec.keys # resolv_conf = /etc/resolv.conf diff --git a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf index e9c79b3330..d5ac379377 100644 --- a/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf @@ -7,11 +7,6 @@ charon { dnscert { enable = yes } - } -} - -libstrongswan { - plugins { unbound { # trust_anchors = /etc/ipsec.d/dnssec.keys # resolv_conf = /etc/resolv.conf diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf index 44a54a9dd6..58deb25f01 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf @@ -7,11 +7,6 @@ charon { ipseckey { enable = yes } - } -} - -libstrongswan { - plugins { unbound { # trust_anchors = /etc/ipsec.d/dnssec.keys # resolv_conf = /etc/resolv.conf diff --git a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf index 44a54a9dd6..58deb25f01 100644 --- a/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf @@ -7,11 +7,6 @@ charon { ipseckey { enable = yes } - } -} - -libstrongswan { - plugins { unbound { # trust_anchors = /etc/ipsec.d/dnssec.keys # resolv_conf = /etc/resolv.conf diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index f4fd948fd1..4de997a663 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -2,11 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 ntru revocation hmac stroke kernel-netlink socket-default updown + multiple_authentication = no send_vendor_id = yes -} -libstrongswan { plugins { ntru { parameter_set = optimum diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 102801a927..4e2acefeb4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 102801a927..4e2acefeb4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 102801a927..4e2acefeb4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index 69f9845af7..bbbafd71b2 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown -} -libstrongswan { integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index 69f9845af7..bbbafd71b2 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown -} -libstrongswan { integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index 8caa11c978..66d8fb315c 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -2,8 +2,6 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -} -libstrongswan { integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index 6c8911e5a8..3eda3aa588 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -} -libstrongswan { integrity_test = yes } diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf index 06bcaa1e50..69c6e3222d 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf @@ -4,9 +4,7 @@ charon { load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes -} -libstrongswan { plugins { openssl { fips_mode = 2 diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf index 06bcaa1e50..69c6e3222d 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf @@ -4,9 +4,7 @@ charon { load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown initiator_only = yes -} -libstrongswan { plugins { openssl { fips_mode = 2 diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf index efa0575e5f..fa8dd94a45 100644 --- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf +++ b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-libipsec kernel-netlink socket-default updown -} -libstrongswan { plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf index 6284763139..4901462492 100644 --- a/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/critical-extension/hosts/moon/etc/strongswan.conf @@ -3,9 +3,7 @@ charon { load = curl pem pkcs1 random nonce openssl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no -} -libstrongswan { x509 { enforce_critical = no } diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 9f31821cdc..a952c8189c 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 openssl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 5708510efd..d9d650c8bd 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { required = yes diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index f065861dca..065050d5be 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors pem pkcs1 openssl revocation nonce xcbc cmac ctr ccm stroke kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf index 128d4f2d99..8a8e08e228 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/strongswan.conf @@ -4,14 +4,13 @@ charon { load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default initiator_only = yes -} - -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf index 958a502c2f..c97a520880 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/strongswan.conf @@ -7,14 +7,13 @@ charon { retransmit_base = 1.5 retransmit_tries = 3 initiator_only = yes -} - -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf index fc49f9fd2c..a234b6cca5 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/strongswan.conf @@ -2,14 +2,14 @@ charon { load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default -} -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf index 128d4f2d99..8a8e08e228 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/strongswan.conf @@ -4,14 +4,13 @@ charon { load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default initiator_only = yes -} - -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf index 958a502c2f..c97a520880 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/strongswan.conf @@ -7,14 +7,13 @@ charon { retransmit_base = 1.5 retransmit_tries = 3 initiator_only = yes -} - -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf index fc49f9fd2c..a234b6cca5 100644 --- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/strongswan.conf @@ -2,14 +2,14 @@ charon { load = test-vectors soup pem pkcs1 pkcs8 random nonce x509 revocation openssl stroke kernel-netlink socket-default -} -libstrongswan { integrity_test = yes + crypto_test { required = yes on_add = yes } + plugins { openssl { fips_mode = 2 diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index 3da60b82f9..8aa0ef4f51 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index 3da60b82f9..8aa0ef4f51 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index 3da60b82f9..8aa0ef4f51 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -2,9 +2,7 @@ charon { load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf index 7cd88f5daf..101bd2e2ba 100644 --- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf @@ -7,9 +7,7 @@ charon { } } load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf index 7cd88f5daf..101bd2e2ba 100644 --- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf @@ -7,9 +7,7 @@ charon { } } load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf index 7cd88f5daf..101bd2e2ba 100644 --- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf @@ -7,9 +7,7 @@ charon { } } load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown sqlite sql -} -libstrongswan { integrity_test = yes crypto_test { on_add = yes diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf index e6f5ad3657..f4ea047ecc 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf @@ -2,20 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + multiple_authentication=no + integrity_test = yes + plugins { eap-tnc { protocol = tnccs-1.1 } - } -} - -libstrongswan { - integrity_test = yes -} - -libimcv { - plugins { imc-test { command = allow } diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf index db91eace4f..4c738ce42b 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf @@ -2,20 +2,14 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + multiple_authentication=no + integrity_test = yes + plugins { eap-tnc { protocol = tnccs-2.0 } - } -} - -libstrongswan { - integrity_test = yes -} - -libimcv { - plugins { imc-test { command = isolate } diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf index 3fc6c3a4b9..0b1cf10eb3 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf @@ -2,7 +2,10 @@ charon { load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown + multiple_authentication=no + integrity_test = yes + plugins { eap-ttls { phase2_method = md5 @@ -14,17 +17,3 @@ charon { } } } - -libstrongswan { - integrity_test = yes -} - -libimcv { - plugins { - imv-scanner { - closed_port_policy = yes - tcp_ports = 22 - udp_ports = 500 4500 - } - } -}