[Swan-dev] testing libipsecconf

Paul Wouters 🔓 paul at nohats.ca
Wed Nov 26 15:47:51 EET 2014

On Wed, 26 Nov 2014, D. Hugh Redelmeier wrote:

> readwriteconf-19 and -20 are empty except for a reference output.
> I'll delete them.

[without having looked at this]

But the tests are supposed to be about reading the reference output in
ipsec readwriteconf and see if the input matches the output. So we don't
need more than an input config file. Perhaps it just didn't copy the
scripts or Makefile?

> readwriteconf-22 found something that surprised me.
> It didn't like
> 	crlcheckinterval=60
> complaining that it expected a string but found an integer.
> Is that what we want???

that's a bug that was introduced in an early libreswan. Without any
modifier (eg 60s) it does not accept the value as a time in seconds.
I believe everything that accepts a time value has that problem, eg
keylife= has it too.

> Maybe we need a "time" lexical type that accepts an integer with the
> usual suffixes.

We do. So it accepts 60s or 60m or 60y. It just does not default 60 to
be the same as 60s.

> readwriteconf-23 fails to parse the config file.
> It may be correct, but the message is off in left field.

We are fairly bad at parsing comments :( That is a testfile with all
the kinds of comments we should be able to parse/ignore without
side affects.


More information about the Swan-dev mailing list