[Swan-commit] Changes to ref refs/heads/fragmentation

Paul Wouters paul at vault.libreswan.fi
Tue Jan 29 20:40:51 EET 2013


New commits:
commit 19c89dfcd2ae43f0f88b649ca5576afbd19f7ca0
Author: Copyright (C) 2013 Wolfgang Nothdurft <wolfgang at linogate.de>
Date:   Tue Jan 29 13:40:09 2013 -0500

    * IKEv1: Support for sending IKE fragments
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 02418ccfaea8c1cf86af890fb01200e467bf342c
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Jan 29 00:04:08 2013 -0500

    * WIP: testing:  started to merge testing/libvirt/install.sh into Makefile
    
    - So we can call it using "make check".
    - testing/utils/lswan-check is using the libvirt python module
    - testing/utils/virtinstall-base is broken off into a shell script for better
      (unbuffered) viewing
    - networks and vms slightly removed to make python code easier
    - Only add networks/vms not already in existence (unless --force)

commit 91e0e001530a485cf61bd9afd5f580bf6f0c208a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:42:13 2013 -0500

    * testing: Added generated testing/x509/* content to .gitignore

commit 39bcf9919ac3537ff76107f77045b19279cda2b5
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:39:49 2013 -0500

    * testing: dotest.sh aborts when dist_certs has not been run

commit 072ab86c96187dd8a8d151ea44c4bf41b449561a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:36:12 2013 -0500

    * testing: swan-prep Load the other side's public certificate
    
    On east,west and road we import the public cert of the other two
    machines. This ensures we can run leftcert=XXX and rightcert=XXX
    for the X509 tests that do not use the CA.

commit 11d07dfcaf7833859bbb1337bbb80adb88ebf221
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 23:06:09 2013 -0500

    * pluto: don't try to load non-existing AA certs
    
    This removes an error from startup:
    
    Could not change to directory '/etc/ipsec.d/aacerts': No such file or directory

commit 3406966c3f21e2a591696f4eccdb64543b47d36e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:55:40 2013 -0500

    * testing: dist_certs was not generating PKCS#12 files for special cases

commit b406ac60d903cab951d53945a2a87201d669c0ca
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:54:35 2013 -0500

    * testing: swan-prep fixes
    
    - Import certs from /testing/x509/pkcs12/mainca/
    - Convert pidof string to int for os.kill()

commit a0d60b6756c48a6ed1fd5b640b1f5d7aa7a38955
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:53:39 2013 -0500

    * ipsec look: display NSS certificates

commit b02f2fb8d38f8d2533523061b8575fd4862dd339
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:27:06 2013 -0500

    * testing: dist_certs  Fix PKCS#12 generation, work with any cwd
    
    - pushd / popd into the directory containing dist_certs so it can
      be run from anywhere.
    - The CA friendly name apparently cannot contain spaces or openssl pkcs12
      just fails with a usage error.

commit c06224afd4f28c5f8639e56ca94f272ea05121b7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:19:40 2013 -0500

    * testing: runkvm.py support for --x509
    
    Read testparams.sh to see if X509=yes, if so pass --x509 to swan-prep

commit ebf7be3be679acc2dd6a76e9e8b4425e46e97de7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:16:45 2013 -0500

    * testing: fixes to dotest.sh
    
    - Typo fix for LIBRESWANDIR
    - Use the presence or absence of *run.sh to determine INITIATOR
      (and not *init.sh because responders have an init.sh file too)
    - Set the testname based on the pwd of the test using basename()

commit 754d12d3b40c97f34f5a9c3386efd1adf567ebcd
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:13:58 2013 -0500

    * testing: CA rename and no longer copy generated files into testing/baseconfig/
    
    We now read the files from testing/x509/* so they don't get into git
    
    dist_certs now calls the main CA "mainca" instead of "ca", as the Friendly
    Name of the CA was "ca" which was getting confusing, especially because
    the country is also ca.

commit 844a92b21baed175466336a9ab4821dfe52f03eb
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:13:15 2013 -0500

    * testing: updated x509-pluto-01

commit 86488332c58e7d68f46414eee7cb5f9a3b6a97ae
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 22:10:02 2013 -0500

    * testing: swan-prep functionality extended
    
    - kill all IKE daemons (strongswan, racoon, shrewsoft as well as pluto)
    - unload NETKEY and KLIPS stacks using _stackmanager stop
    
    The above no longer needs to be in the individual test case *init.sh files.
    
    - added --x509 option to force adding x509 certs into NSS
    - testparams.sh is checked for X509=yes and if so certs are added to NSS

commit 163a8c36707a282c2eb0ba20e38157044cfb4f59
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 17:53:55 2013 -0500

    * testing: cleanup X509 generation and output

commit b78c10ed3dc0b718b50766578a4ab613e5a372f2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sun Jan 27 11:40:33 2013 -0500

    * put find_ifaces() back to where the testcases think it should be

commit bd04be397fbfb4c7049919121833e8a4e61df039
Merge: 6dd4196 b47b6c9
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:51:02 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6dd419682c44117fc5dc4cb83b73659da9393d4e
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:14:20 2013 -0500

    * testing: two configurations to compile pluto for testing
    
    minimal: disable everything but NETKEY
    everything: enable everything except taproom and dmalloc

commit b47b6c97f7a11ff73f6f77bb0dece52bec0f9ac1
Merge: 6969ded 48cb493
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:13:29 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 6969ded5e123f1dcf56ac4ceee74db729e05bbe1
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:12:50 2013 +0200

    * testing: cleanup test basic-pluto-11 good

commit 4fa3a57ece83dfefa57543bb4123b84c388add7b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 19:11:43 2013 -0500

    * taproom: minor fixes to taproom
    
    Fixed some missing "goto" statements for taproom. Ifdef'ed the
    TCL calls in IKEv2 as they have never been tested or run (taproom
    predates ikev2) - but programs/pluto/tpm/ needs to be fixed or
    removed. (I think removal is best - code hasn't compiled or run
    since about 2007, no one uses it)

commit 562a433a4719b4f556ba0e201f84980d656d60d8
Author: Antony Antony <antony at phenome.org>
Date:   Sun Jan 27 02:10:41 2013 +0200

    * testing: ping-sanitize.sed fix

commit 7e10c81840750c3a76b209e401a9a029ad069c83
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 18:53:51 2013 -0500

    * XAUTH: missing ifdef's around two blocks dealing with XAUTH

commit 48cb493736a9672d3c96cf1a74eeb6a17d5c7c94
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Jan 26 18:35:51 2013 -0500

    * testing: runkvm.py aborts on all missing python modules now

commit 5c336c8c3620e8e72ad26bfdfb0f3b34caf609c7
Merge: 1bd333a 9ac4101
Author: Antony Antony <antony at phenome.org>
Date:   Sat Jan 26 22:13:25 2013 +0200

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 9ac4101fe819d73dac1097bf88396452dd2169ee
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 26 11:59:20 2013 -0500

    * status: slight change in output of ipsec auto --status
    
    We used to only display metric and mtu when one of these was set.
    We now always display these. The prio and interface were moved onto
    their own line with metric and mtu. This gives us more space for
    our ever increasing list of POLICY bits to be displayed.
    
    old:
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+IKE_FRAG; prio: 32,32; interface: virbr0;
    
    new:
    
    000 "redhat":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+XAUTH+AGGRESSIVE+IKEv2ALLOW+IKE_FRAG;
    000 "redhat":   prio: 32,32; interface: virbr0; metric:0, mtu:unset;
    
    For OE, the DNS policies (+lKOD and +rKOD) are added to the policy line, but after the ";"
    to avoid the confusion of thinking these are c->policy bits.

commit c4b8b3dd170f7b80458be857dfa8d18c24971af0
Author: Paul Wouters <paul at libreswan.org>
Date:   Sat Jan 26 11:56:45 2013 -0500

    * libipsecconf: Do not set key_from_DNS_on_demand = TRUE per default
    
    For RSA connections, the OE settings turn this to TRUE if OE was
    used, and false otherwise. However, for PSK connections this was left
    at TRUE as well. Although it caused no harm it could confusingly
    state "+lKOD+rKOD" in the policy for PSK connections.

commit 1bd333af35fe20cef79d6093224c9c8f4a3d258d
Author: Antony Antony <antony at phenome.org>
Date:   Wed Jan 23 21:54:39 2013 +0200

    * testing: forgot to commit with xauth-pluto-12
