[Swan-dev] Docker test suite
Andrew Cagney
andrew.cagney at gmail.com
Fri Jun 24 15:27:37 UTC 2016
On 24 June 2016 at 10:36, Kim B. Heino <b at bbbs.net> wrote:
>> The order here doesn't seem right - are keys really being re-generated
>> or just reinstalled?
>
> Keys are re-generated to host's tmp/{west,east} directories. Those
> directories are mounted as docker volumes; they are not included in the
> container image.
Ah, that works! The critical thing is that all domains can, through a
back door, see all the other domains' keys.
> Currently I have to compile libreswan first to have a program to
> generate those keys.
As in newhostkey et al.?
The current test framework really really relies on 'static' hostkeys -
there are magic numbers hardwired throughout the config files; not
nice. For CKAIDs, where I deal with generated x509 files, I had to
pull some tricks to get around this (look at the *ckaid* tests) - the
thing that made it possible was that all domains could access all the
keys.
Just keep that in mind.
Andrew