commit ocserv for openSUSE:Factory

Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2019-04-26 22:54:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ocserv" Fri Apr 26 22:54:40 2019 rev:10 rq:697985 version:0.12.3 Changes: -------- --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes 2019-01-25 22:45:38.191060617 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new.5536/ocserv.changes 2019-04-26 22:54:41.921305525 +0200 @@ -1,0 +2,11 @@ +Tue Apr 23 09:08:03 UTC 2019 - Michael Du + +- Update to version 0.12.3: + * Fixed crash when no DTLS ciphersuite is negotiated. + * Fixed crash happening arbitrarily depending on handled string + sizes (#197). + * Fixed compatibility issue with GnuTLS 3.3.x (#201). + * occtl: print the TLS session information, even if the DTLS + channel is not established. + +------------------------------------------------------------------- Old: ---- ocserv-0.12.2.tar.xz New: ---- ocserv-0.12.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ocserv.spec ++++++ --- /var/tmp/diff_new_pack.ZgqHTY/_old 2019-04-26 22:54:42.469305173 +0200 +++ /var/tmp/diff_new_pack.ZgqHTY/_new 2019-04-26 22:54:42.473305170 +0200 @@ -17,7 +17,7 @@ Name: ocserv -Version: 0.12.2 +Version: 0.12.3 Release: 0 Summary: OpenConnect VPN Server License: GPL-2.0-only ++++++ ocserv-0.12.2.tar.xz -> ocserv-0.12.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/ChangeLog new/ocserv-0.12.3/ChangeLog --- old/ocserv-0.12.2/ChangeLog 2019-01-10 20:02:17.000000000 +0100 +++ new/ocserv-0.12.3/ChangeLog 2019-03-12 21:16:19.000000000 +0100 @@ -1,3 +1,129 @@ +2019-03-12 Nikos Mavrogiannopoulos + + * NEWS: NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-03-12 Nikos Mavrogiannopoulos + + * NEWS, configure.ac: released 0.12.3 Signed-off-by: Nikos Mavrogiannopoulos + +2019-03-12 Nikos Mavrogiannopoulos + + * : commit 6cac2252033081de8ab3a8e078d0bc115e740080 Author: Nikos + Mavrogiannopoulos Date: Tue Mar 12 15:32:21 2019 + +0100 + +2019-03-12 Nikos Mavrogiannopoulos + + * src/worker-http.c: worker: workarounds string is made applicable + for gnutls 3.3 The %NO_SESSION_HASH priority string does not work with gnutls 3.3. + This fix does not include it into the priority string. Resolves: #201 Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * : commit d3cb2e8f53eb36ae007c6dd5cfa6a8455d741b5e Author: Frank + Huang Date: Sun Feb 17 08:12:42 2019 +0000 + +2019-01-31 Nikos Mavrogiannopoulos + + * src/main.c: main: removed unused code Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-30 Nikos Mavrogiannopoulos + + * : commit 383c25e239a482b212699b9ccab72f94c9f84d5b Author: Nikos + Mavrogiannopoulos Date: Wed Jan 30 19:23:05 2019 + +0100 + +2019-01-30 Nikos Mavrogiannopoulos + + * README.md: README.md: updated URIs for new gitlab group Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-30 Nikos Mavrogiannopoulos + + * : commit 385af4e8312118fef44299c6846a1b305e370fe6 Author: Nikos + Mavrogiannopoulos Date: Sun Jan 20 06:44:29 2019 + +0100 + +2019-01-20 Nikos Mavrogiannopoulos + + * .gitlab-ci.yml, tests/common.sh, + tests/data/multiple-routes.config, tests/data/test-ban.config, + tests/data/test-cert-opt-pass.config, + tests/data/test-ciphers.config, + tests/data/test-compression-lz4.config, + tests/data/test-compression-lzs.config, + tests/data/test-cookie-invalidation.config, + tests/data/test-cookie-timeout-2.config, + tests/data/test-cookie-timeout.config, + tests/data/test-ed25519.config, tests/data/test-enc-key.config, + tests/data/test-enc-key2.config, + tests/data/test-explicit-ip.config, + tests/data/test-group-cert.config, + tests/data/test-group-pass.config, + tests/data/test-gssapi-local-map.config, + tests/data/test-gssapi-opt-cert.config, + tests/data/test-gssapi-opt-pass.config, + tests/data/test-gssapi.config, tests/data/test-haproxy-auth.config, + tests/data/test-haproxy-connect.config, + tests/data/test-iroute.config, tests/data/test-multi-cookie.config, + tests/data/test-otp-cert.config, tests/data/test-otp.config, + tests/data/test-pam-noauth.config, tests/data/test-pam.config, + tests/data/test-pass-opt-cert.config, + tests/data/test-pass-script.config, tests/data/test-rsa-pss.config, + tests/data/test-san-cert.config, + tests/data/test-sighup-key-change.config, + tests/data/test-sighup.config, tests/data/test-stress.config, + tests/data/test-traffic.config, tests/data/test-user-cert.config, + tests/data/test-user-config.config, + tests/data/test-user-group-cert-no-pass.config, + tests/data/test-user-group-cert.config, + tests/data/test-vhost-pass-cert.config, tests/data/test1.config, + tests/data/test3.config, tests/test-pass-cert: tests: consistently + disable isolate-workers in tests That is to prevent coverage reporting in tests. Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-19 Nikos Mavrogiannopoulos + + * : commit 8ba3987f4ca01d2590181fb33c161a0cc04b9d54 Author: Nikos + Mavrogiannopoulos Date: Sat Jan 19 20:09:50 2019 + +0100 + +2019-01-19 Nikos Mavrogiannopoulos + + * : commit e0f847b98478299da140b41fd2309afea387d240 Author: Nikos + Mavrogiannopoulos Date: Sat Jan 19 17:03:52 2019 + +0100 + +2019-01-19 Nikos Mavrogiannopoulos + + * src/worker-http.c: worker: allow negotiating AC-DTLS12 with + openconnect This doesn't have the anyconnect client bug with parsing the server + hello. Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-19 Nikos Mavrogiannopoulos + + * tests/Makefile.am, tests/ac-aes128-gcm-cipher, + tests/ac-aes256-gcm-cipher, tests/cipher-common.sh, + tests/{aes128-gcm-cipher => oc-aes128-gcm-cipher}, + tests/{aes256-gcm-cipher => oc-aes256-gcm-cipher}: tests: added + tests for anyconnect's DTLS1.2 support Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-19 Nikos Mavrogiannopoulos + + * tests/test-cookie-timeout: test-cookie-timeout: updated for new + openconnect kill semantics Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-19 Nikos Mavrogiannopoulos + + * tests/test-cookie-timeout: test-cookie-timeout: updated for new + openconnect kill semantics Signed-off-by: Nikos Mavrogiannopoulos + 2019-01-10 Nikos Mavrogiannopoulos * NEWS: corrected typo Signed-off-by: Nikos Mavrogiannopoulos diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/NEWS new/ocserv-0.12.3/NEWS --- old/ocserv-0.12.2/NEWS 2019-01-10 20:01:52.000000000 +0100 +++ new/ocserv-0.12.3/NEWS 2019-03-12 21:15:44.000000000 +0100 @@ -1,3 +1,12 @@ +* Version 0.12.3 (released 2019-03-12) +- Fixed crash when no DTLS ciphersuite is negotiated. +- Fixed crash happening arbitrarily depending on handled string + sizes (#197). +- Fixed compatibility issue with GnuTLS 3.3.x (#201). +- occtl: print the TLS session information, even if the DTLS channel + is not established. + + * Version 0.12.2 (released 2019-01-10) - Added support for AES256-SHA legacy cipher. This allows the anyconnect clients to use AES256. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/README.md new/ocserv-0.12.3/README.md --- old/ocserv-0.12.2/README.md 2019-01-06 20:10:58.000000000 +0100 +++ new/ocserv-0.12.3/README.md 2019-01-31 07:57:22.000000000 +0100 @@ -1,5 +1,5 @@ -[](https://gitlab.com/ocserv/ocserv/commits/master) -[](https://ocserv.gitlab.io/ocserv/coverage/) +[](https://gitlab.com/openconnect/ocserv/commits/master) +[](https://openconnect.gitlab.io/ocserv/coverage/) # About @@ -130,7 +130,7 @@ We utilize the gitlab-ci continuous integration system. It is used to test most of the Linux systems (see .gitlab-ci.yml),and is split in two phases, build image creation and compilation/test. The build image creation is done -at the ocserv/build-images subproject and uploads the image at the gitlab.com +at the openconnect/build-images subproject and uploads the image at the gitlab.com container registry. The compilation/test phase is on every commit to project. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/configure new/ocserv-0.12.3/configure --- old/ocserv-0.12.2/configure 2019-01-06 19:05:17.000000000 +0100 +++ new/ocserv-0.12.3/configure 2019-03-12 21:14:37.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ocserv 0.12.2. +# Generated by GNU Autoconf 2.69 for ocserv 0.12.3. # # Report bugs to . # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='ocserv' PACKAGE_TARNAME='ocserv' -PACKAGE_VERSION='0.12.2' -PACKAGE_STRING='ocserv 0.12.2' +PACKAGE_VERSION='0.12.3' +PACKAGE_STRING='ocserv 0.12.3' PACKAGE_BUGREPORT='openconnect-devel@lists.infradead.org' PACKAGE_URL='' @@ -2023,7 +2023,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ocserv 0.12.2 to adapt to many kinds of systems. +\`configure' configures ocserv 0.12.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -2094,7 +2094,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ocserv 0.12.2:";; + short | recursive ) echo "Configuration of ocserv 0.12.3:";; esac cat <<\_ACEOF @@ -2303,7 +2303,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ocserv configure 0.12.2 +ocserv configure 0.12.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3012,7 +3012,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ocserv $as_me 0.12.2, which was +It was created by ocserv $as_me 0.12.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4015,7 +4015,7 @@ # Define the identity of the package. PACKAGE='ocserv' - VERSION='0.12.2' + VERSION='0.12.3' cat >>confdefs.h <<_ACEOF @@ -23619,7 +23619,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ocserv $as_me 0.12.2, which was +This file was extended by ocserv $as_me 0.12.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23685,7 +23685,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ocserv config.status 0.12.2 +ocserv config.status 0.12.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/configure.ac new/ocserv-0.12.3/configure.ac --- old/ocserv-0.12.2/configure.ac 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/configure.ac 2019-03-12 21:14:21.000000000 +0100 @@ -1,5 +1,5 @@ AC_PREREQ(2.61) -AC_INIT([ocserv], [0.12.2], [openconnect-devel@lists.infradead.org]) +AC_INIT([ocserv], [0.12.3], [openconnect-devel@lists.infradead.org]) PKG_PROG_PKG_CONFIG AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/src/main.c new/ocserv-0.12.3/src/main.c --- old/ocserv-0.12.2/src/main.c 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/src/main.c 2019-01-31 07:57:37.000000000 +0100 @@ -566,29 +566,6 @@ mslog(s, NULL, LOG_ERR, "cannot enforce NPROC limit: %s\n", strerror(e)); } - -#if 0 - rl.rlim_cur = 0; - rl.rlim_max = 0; - ret = setrlimit(RLIMIT_FSIZE, &rl); - if (ret < 0) { - e = errno; - mslog(s, NULL, LOG_ERR, "cannot enforce FSIZE limit: %s\n", - strerror(e)); - } - -#define MAX_WORKER_MEM (16*1024*1024) - if (GETPCONFIG(s)->debug == 0) { - rl.rlim_cur = MAX_WORKER_MEM; - rl.rlim_max = MAX_WORKER_MEM; - ret = setrlimit(RLIMIT_AS, &rl); - if (ret < 0) { - e = errno; - mslog(s, NULL, LOG_ERR, "cannot enforce AS limit: %s\n", - strerror(e)); - } - } -#endif } /* clears the server listen_list and proc_list. To be used after fork(). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/src/str.c new/ocserv-0.12.3/src/str.c --- old/ocserv-0.12.2/src/str.c 2018-04-14 21:30:37.000000000 +0200 +++ new/ocserv-0.12.3/src/str.c 2019-03-12 21:13:35.000000000 +0100 @@ -103,9 +103,9 @@ */ int str_append_data(str_st * dest, const void *data, size_t data_size) { -int ret; + int ret; - ret = str_append_size(dest, data_size); + ret = str_append_size(dest, data_size+1); if (ret < 0) return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/src/version.inc new/ocserv-0.12.3/src/version.inc --- old/ocserv-0.12.2/src/version.inc 2019-01-10 19:54:30.000000000 +0100 +++ new/ocserv-0.12.3/src/version.inc 2019-03-12 21:14:48.000000000 +0100 @@ -1 +1 @@ -version = "0.12.2"; +version = "0.12.3"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/src/worker-http.c new/ocserv-0.12.3/src/worker-http.c --- old/ocserv-0.12.2/src/worker-http.c 2019-01-10 19:47:15.000000000 +0100 +++ new/ocserv-0.12.3/src/worker-http.c 2019-03-12 21:13:35.000000000 +0100 @@ -84,7 +84,11 @@ * extension to avoid interop issues. Furthermore gnutls does seem to * be sending the renegotiation extension which openssl doesn't like (see #193) */ -#define WORKAROUND_STR "%NO_SESSION_HASH:%DISABLE_SAFE_RENEGOTIATION" +#if GNUTLS_VERSION_NUMBER >= 0x030400 +# define WORKAROUND_STR "%NO_SESSION_HASH:%DISABLE_SAFE_RENEGOTIATION" +#else +# define WORKAROUND_STR "%DISABLE_SAFE_RENEGOTIATION" +#endif /* Consider switching to gperf when this table grows significantly. * These tables are used for the custom DTLS cipher negotiation via @@ -432,7 +436,6 @@ req->selected_ciphersuite = cand; break; - case HEADER_DTLS12_CIPHERSUITE: if (req->use_psk || !WSCONFIG(ws)->dtls_legacy) break; @@ -441,8 +444,9 @@ * anyconnect's openssl fail: https://gitlab.com/gnutls/gnutls/merge_requests/868 */ #ifdef gnutls_check_version_numeric - if (!gnutls_check_version_numeric(3,6,6) && - (!gnutls_check_version_numeric(3,3,0) || gnutls_check_version_numeric(3,6,0))) { + if (req->user_agent_type != AGENT_OPENCONNECT && + (!gnutls_check_version_numeric(3,6,6) && + (!gnutls_check_version_numeric(3,3,0) || gnutls_check_version_numeric(3,6,0)))) { break; } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/src/worker-vpn.c new/ocserv-0.12.3/src/worker-vpn.c --- old/ocserv-0.12.2/src/worker-vpn.c 2019-01-10 19:08:32.000000000 +0100 +++ new/ocserv-0.12.3/src/worker-vpn.c 2019-01-20 06:01:59.000000000 +0100 @@ -226,18 +226,18 @@ gnutls_psk_set_server_credentials_function(WSCREDS(ws)->pskcred, get_psk_key); - if (ws->session && WSCONFIG(ws)->match_dtls_and_tls) { + if (!ws->session) { + oclog(ws, LOG_ERR, "cannot setup PSK keys without an encrypted CSTP channel"); + return -1; + } + + if (WSCONFIG(ws)->match_dtls_and_tls) { cipher = gnutls_cipher_get(ws->session); mac = gnutls_mac_get(ws->session); snprintf(prio_string, sizeof(prio_string), "%s:"VERS_STRING":-CIPHER-ALL:-MAC-ALL:-KX-ALL:+PSK:+VERS-DTLS-ALL:+%s:+%s", WSCONFIG(ws)->priorities, gnutls_mac_get_name(mac), gnutls_cipher_get_name(cipher)); } else { - if (WSCONFIG(ws)->match_dtls_and_tls) { - oclog(ws, LOG_ERR, "cannot determine ciphersuite from CSTP channel (unset match-tls-dtls-ciphers)"); - return -1; - } - /* if we haven't an associated session, enable all ciphers we would have enabled * otherwise for TLS. */ snprintf(prio_string, sizeof(prio_string), "%s:"VERS_STRING":-KX-ALL:+PSK:+VERS-DTLS-ALL", @@ -801,6 +801,8 @@ oclog(ws, LOG_DEBUG, "Accepted unix connection"); } + ws->session = session; + session_info_send(ws); memset(&settings, 0, sizeof(settings)); @@ -823,7 +825,6 @@ oclog(ws, LOG_DEBUG, "proxy-hdr: peer is %s\n", ws->remote_ip_str); } - ws->session = session; ws->parser = &parser; restart: @@ -1751,7 +1752,7 @@ gnutls_cipher_get(ws->session), gnutls_mac_get(ws->session)); } - } else { + } else if (ws->req.selected_ciphersuite) { ws->dtls_crypto_overhead = tls_get_overhead(ws->req. selected_ciphersuite->gnutls_version, @@ -2199,7 +2200,7 @@ oclog(ws, LOG_INFO, "DTLS ciphersuite: "DTLS_PROTO_INDICATOR); ret = cstp_printf(ws, "X-DTLS-CipherSuite: "DTLS_PROTO_INDICATOR"\r\n"); - } else { + } else if (ws->req.selected_ciphersuite) { ret = cstp_printf(ws, "X-DTLS-Session-ID: %s\r\n", ws->buffer); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/Makefile.am new/ocserv-0.12.3/tests/Makefile.am --- old/ocserv-0.12.2/tests/Makefile.am 2019-01-06 20:07:53.000000000 +0100 +++ new/ocserv-0.12.3/tests/Makefile.am 2019-01-20 06:42:02.000000000 +0100 @@ -58,8 +58,9 @@ #other tests requiring nuttcp for traffic if ENABLE_NUTTCP_TESTS dist_check_SCRIPTS += traffic lz4-compression lzs-compression \ - aes256-cipher aes128-cipher aes256-gcm-cipher aes128-gcm-cipher \ - test-config-per-group + aes256-cipher aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \ + test-config-per-group ac-aes128-gcm-cipher ac-aes256-gcm-cipher \ + no-dtls-cipher endif endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/Makefile.in new/ocserv-0.12.3/tests/Makefile.in --- old/ocserv-0.12.2/tests/Makefile.in 2019-01-10 19:47:40.000000000 +0100 +++ new/ocserv-0.12.3/tests/Makefile.in 2019-03-12 21:14:38.000000000 +0100 @@ -107,8 +107,9 @@ #other tests requiring nuttcp for traffic @ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@am__append_7 = traffic lz4-compression lzs-compression \ -@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ aes256-cipher aes128-cipher aes256-gcm-cipher aes128-gcm-cipher \ -@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ test-config-per-group +@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ aes256-cipher aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \ +@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ test-config-per-group ac-aes128-gcm-cipher ac-aes256-gcm-cipher \ +@ENABLE_NUTTCP_TESTS_TRUE@@ENABLE_ROOT_TESTS_TRUE@ no-dtls-cipher @HAVE_CWRAP_ALL_TRUE@@HAVE_CWRAP_TRUE@am__append_8 = test-vhost @HAVE_CWRAP_TRUE@am__append_9 = test-pass test-pass-cert test-cert test-group-pass \ @@ -233,14 +234,15 @@ test-cookie-invalidation test-user-config test-append-routes \ test-ban multiple-routes haproxy-connect traffic \ lz4-compression lzs-compression aes256-cipher aes128-cipher \ - aes256-gcm-cipher aes128-gcm-cipher test-config-per-group \ - test-vhost test-pass test-pass-cert test-cert test-group-pass \ - test-pass-group-cert test-pass-group-cert-no-pass test-sighup \ - test-enc-key test-sighup-key-change test-get-cert \ - test-san-cert test-gssapi test-pass-opt-cert \ - test-cert-opt-pass test-gssapi-opt-pass test-gssapi-opt-cert \ - haproxy-auth test-maintenance test-pam test-pam-noauth \ - test-otp-cert test-otp + oc-aes256-gcm-cipher oc-aes128-gcm-cipher \ + test-config-per-group ac-aes128-gcm-cipher \ + ac-aes256-gcm-cipher no-dtls-cipher test-vhost test-pass \ + test-pass-cert test-cert test-group-pass test-pass-group-cert \ + test-pass-group-cert-no-pass test-sighup test-enc-key \ + test-sighup-key-change test-get-cert test-san-cert test-gssapi \ + test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \ + test-gssapi-opt-cert haproxy-auth test-maintenance test-pam \ + test-pam-noauth test-otp-cert test-otp AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -1981,16 +1983,16 @@ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -aes256-gcm-cipher.log: aes256-gcm-cipher - @p='aes256-gcm-cipher'; \ - b='aes256-gcm-cipher'; \ +oc-aes256-gcm-cipher.log: oc-aes256-gcm-cipher + @p='oc-aes256-gcm-cipher'; \ + b='oc-aes256-gcm-cipher'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -aes128-gcm-cipher.log: aes128-gcm-cipher - @p='aes128-gcm-cipher'; \ - b='aes128-gcm-cipher'; \ +oc-aes128-gcm-cipher.log: oc-aes128-gcm-cipher + @p='oc-aes128-gcm-cipher'; \ + b='oc-aes128-gcm-cipher'; \ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ @@ -2001,6 +2003,27 @@ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ac-aes128-gcm-cipher.log: ac-aes128-gcm-cipher + @p='ac-aes128-gcm-cipher'; \ + b='ac-aes128-gcm-cipher'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ac-aes256-gcm-cipher.log: ac-aes256-gcm-cipher + @p='ac-aes256-gcm-cipher'; \ + b='ac-aes256-gcm-cipher'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +no-dtls-cipher.log: no-dtls-cipher + @p='no-dtls-cipher'; \ + b='no-dtls-cipher'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) test-vhost.log: test-vhost @p='test-vhost'; \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/ac-aes128-gcm-cipher new/ocserv-0.12.3/tests/ac-aes128-gcm-cipher --- old/ocserv-0.12.2/tests/ac-aes128-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 +++ new/ocserv-0.12.3/tests/ac-aes128-gcm-cipher 2019-01-19 19:47:50.000000000 +0100 @@ -0,0 +1,31 @@ +#!/bin/bash +# +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +# This tests support for anyconnect's DTLS1.2 support + +PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}" +CIPHER12_NAME="AES128-GCM-SHA256" +GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)" + +${PKG_CONFIG} --atleast-version=8.02 openconnect +test $? != 0 && exit 77 + +. cipher-common.sh + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/ac-aes256-gcm-cipher new/ocserv-0.12.3/tests/ac-aes256-gcm-cipher --- old/ocserv-0.12.2/tests/ac-aes256-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 +++ new/ocserv-0.12.3/tests/ac-aes256-gcm-cipher 2019-01-19 19:47:50.000000000 +0100 @@ -0,0 +1,33 @@ +#!/bin/bash +# +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +# This tests support for anyconnect's DTLS1.2 support + +PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}" +CIPHER12_NAME="AES256-GCM-SHA384" +GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)" + +# There is a bug preventing AES256-GCM-SHA384 to work in openconnect +# 8.02. +${PKG_CONFIG} --atleast-version=8.03 openconnect +test $? != 0 && exit 77 + +. cipher-common.sh + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/aes128-gcm-cipher new/ocserv-0.12.3/tests/aes128-gcm-cipher --- old/ocserv-0.12.2/tests/aes128-gcm-cipher 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/tests/aes128-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 @@ -1,27 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2018 Nikos Mavrogiannopoulos -# -# This file is part of ocserv. -# -# ocserv is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at -# your option) any later version. -# -# ocserv is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# - -# This tests operation/traffic under compression (lzs or lz4). - -CIPHER_NAME="OC-DTLS1_2-AES128-GCM" -GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)" - -. cipher-common.sh - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/aes256-gcm-cipher new/ocserv-0.12.3/tests/aes256-gcm-cipher --- old/ocserv-0.12.2/tests/aes256-gcm-cipher 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/tests/aes256-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 @@ -1,27 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2018 Nikos Mavrogiannopoulos -# -# This file is part of ocserv. -# -# ocserv is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at -# your option) any later version. -# -# ocserv is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see http://www.gnu.org/licenses/. -# - -# This tests operation/traffic under compression (lzs or lz4). - -CIPHER_NAME="OC-DTLS1_2-AES256-GCM" -GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)" - -. cipher-common.sh - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/cipher-common.sh new/ocserv-0.12.3/tests/cipher-common.sh --- old/ocserv-0.12.2/tests/cipher-common.sh 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/tests/cipher-common.sh 2019-03-12 21:13:35.000000000 +0100 @@ -78,16 +78,22 @@ sleep 4 +if test -n "${CIPHER12_NAME}";then + CSTR="--dtls12-ciphers ${CIPHER12_NAME} --dtls-ciphers UNKNOWN" +else + CSTR="--dtls-ciphers ${CIPHER_NAME}" +fi + # Run clients echo " * Getting cookie from ${ADDRESS}:${PORT}..." -( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dtls-ciphers=${CIPHER_NAME} --cookieonly ) +( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} --cookieonly ) if test $? != 0;then echo "Could not get cookie from server" exit 1 fi echo " * Connecting to ${ADDRESS}:${PORT}..." -( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --dtls-ciphers=${CIPHER_NAME} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b ) +( echo "test" | ${CMDNS1} ${OPENCONNECT} ${ADDRESS}:${PORT} -u ${USERNAME} --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 ${CSTR} -s ${srcdir}/scripts/vpnc-script --pid-file=${CLIPID} --passwd-on-stdin -b ) if test $? != 0;then echo "Could not connect to server" exit 1 @@ -110,7 +116,7 @@ ${CMDNS2} nuttcp -1 -${CMDNS1} ping -c 3 ${VPNADDR6} +${CMDNS1} ping -6 -c 3 ${VPNADDR6} echo " * Receiving with nuttcp" @@ -131,21 +137,37 @@ exit 1 fi -grep "Username: ${USERNAME}" ${OUTFILE} +grep "Username: ${USERNAME}" ${OUTFILE} >/dev/null if test $? != 0;then ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME} echo "occtl show user didn't find connected user!" exit 1 fi -grep "DTLS cipher: ${GNUTLS_NAME}" ${OUTFILE} +if test -z "${GNUTLS_NAME}";then + grep "DTLS cipher:" ${OUTFILE} >/dev/null + if test $? = 0;then + ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME} + echo "occtl show user did show a cipher!" + exit 1 + fi +else + grep "DTLS cipher: ${GNUTLS_NAME}" ${OUTFILE} >/dev/null + if test $? != 0;then + ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME} + echo "occtl show user didn't show cipher!" + exit 1 + fi +fi + +grep -E '[[:space:]]+TLS ciphersuite:' ${OUTFILE} >/dev/null if test $? != 0;then ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME} - echo "occtl show user didn't show cipher!" + echo "occtl show user did not show a TLS cipher!" exit 1 fi -grep ${CLI_ADDRESS} ${OUTFILE} +grep ${CLI_ADDRESS} ${OUTFILE} >/dev/null if test $? != 0;then ${OCCTL} -s ${OCCTL_SOCKET} show user ${USERNAME} echo "occtl show user didn't find client address!" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/common.sh new/ocserv-0.12.3/tests/common.sh --- old/ocserv-0.12.2/tests/common.sh 2019-01-06 18:53:51.000000000 +0100 +++ new/ocserv-0.12.3/tests/common.sh 2019-01-30 19:01:35.000000000 +0100 @@ -49,10 +49,20 @@ file=$1 username=$(whoami) group=$(groups|cut -f 1 -d ' ') + + if test -z "${ISOLATE_WORKERS}";then + if test "${COVERAGE}" = "1";then + ISOLATE_WORKERS=false + else + ISOLATE_WORKERS=true + fi + fi + cp "${srcdir}/data/${file}" "$file.$$.tmp" sed -i -e 's|@USERNAME@|'${username}'|g' "$file.$$.tmp" \ -e 's|@GROUP@|'${group}'|g' "$file.$$.tmp" \ -e 's|@SRCDIR@|'${srcdir}'|g' "$file.$$.tmp" \ + -e 's|@ISOLATE_WORKERS@|'${ISOLATE_WORKERS}'|g' "$file.$$.tmp" \ -e 's|@OTP_FILE@|'${OTP_FILE}'|g' "$file.$$.tmp" \ -e 's|@CRLNAME@|'${CRLNAME}'|g' "$file.$$.tmp" \ -e 's|@PORT@|'${PORT}'|g' "$file.$$.tmp" \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/multiple-routes.config new/ocserv-0.12.3/tests/data/multiple-routes.config --- old/ocserv-0.12.2/tests/data/multiple-routes.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/multiple-routes.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ban.config new/ocserv-0.12.3/tests/data/test-ban.config --- old/ocserv-0.12.2/tests/data/test-ban.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-ban.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cert-opt-pass.config new/ocserv-0.12.3/tests/data/test-cert-opt-pass.config --- old/ocserv-0.12.2/tests/data/test-cert-opt-pass.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-cert-opt-pass.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ enable-auth = "plain[passwd=@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ciphers.config new/ocserv-0.12.3/tests/data/test-ciphers.config --- old/ocserv-0.12.2/tests/data/test-ciphers.config 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/tests/data/test-ciphers.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,7 +5,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" -isolate-workers = false +isolate-workers = @ISOLATE_WORKERS@ max-ban-score = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-compression-lz4.config new/ocserv-0.12.3/tests/data/test-compression-lz4.config --- old/ocserv-0.12.2/tests/data/test-compression-lz4.config 2018-04-15 21:13:39.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-compression-lz4.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,7 +5,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" -isolate-workers = false +isolate-workers = @ISOLATE_WORKERS@ max-ban-score = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-compression-lzs.config new/ocserv-0.12.3/tests/data/test-compression-lzs.config --- old/ocserv-0.12.2/tests/data/test-compression-lzs.config 2018-04-15 21:13:39.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-compression-lzs.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,7 +5,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" -isolate-workers = false +isolate-workers = @ISOLATE_WORKERS@ max-ban-score = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cookie-invalidation.config new/ocserv-0.12.3/tests/data/test-cookie-invalidation.config --- old/ocserv-0.12.2/tests/data/test-cookie-invalidation.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-cookie-invalidation.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cookie-timeout-2.config new/ocserv-0.12.3/tests/data/test-cookie-timeout-2.config --- old/ocserv-0.12.2/tests/data/test-cookie-timeout-2.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-cookie-timeout-2.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-cookie-timeout.config new/ocserv-0.12.3/tests/data/test-cookie-timeout.config --- old/ocserv-0.12.2/tests/data/test-cookie-timeout.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-cookie-timeout.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-ed25519.config new/ocserv-0.12.3/tests/data/test-ed25519.config --- old/ocserv-0.12.2/tests/data/test-ed25519.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-ed25519.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + max-ban-score = 0 # A banner to be displayed on clients diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-enc-key.config new/ocserv-0.12.3/tests/data/test-enc-key.config --- old/ocserv-0.12.2/tests/data/test-enc-key.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-enc-key.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-enc-key2.config new/ocserv-0.12.3/tests/data/test-enc-key2.config --- old/ocserv-0.12.2/tests/data/test-enc-key2.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-enc-key2.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-explicit-ip.config new/ocserv-0.12.3/tests/data/test-explicit-ip.config --- old/ocserv-0.12.2/tests/data/test-explicit-ip.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-explicit-ip.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-group-pass.config new/ocserv-0.12.3/tests/data/test-group-pass.config --- old/ocserv-0.12.2/tests/data/test-group-pass.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-group-pass.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test-group.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi-local-map.config new/ocserv-0.12.3/tests/data/test-gssapi-local-map.config --- old/ocserv-0.12.2/tests/data/test-gssapi-local-map.config 2017-09-09 11:26:28.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-gssapi-local-map.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[./data/test1.passwd]" auth = "gssapi" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi-opt-cert.config new/ocserv-0.12.3/tests/data/test-gssapi-opt-cert.config --- old/ocserv-0.12.2/tests/data/test-gssapi-opt-cert.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-gssapi-opt-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -6,6 +6,8 @@ auth = "gssapi[require-local-user-map=false]" enable-auth = certificate +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi-opt-pass.config new/ocserv-0.12.3/tests/data/test-gssapi-opt-pass.config --- old/ocserv-0.12.2/tests/data/test-gssapi-opt-pass.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-gssapi-opt-pass.config 2019-01-30 19:01:35.000000000 +0100 @@ -6,6 +6,8 @@ auth = "gssapi[require-local-user-map=false]" enable-auth = "plain[passwd=@SRCDIR@/data/test1.passwd]" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-gssapi.config new/ocserv-0.12.3/tests/data/test-gssapi.config --- old/ocserv-0.12.2/tests/data/test-gssapi.config 2018-04-14 21:29:16.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-gssapi.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[./data/test1.passwd]" auth = "gssapi[require-local-user-map=false]" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-haproxy-auth.config new/ocserv-0.12.3/tests/data/test-haproxy-auth.config --- old/ocserv-0.12.2/tests/data/test-haproxy-auth.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-haproxy-auth.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + max-ban-score = 0 # A banner to be displayed on clients diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-haproxy-connect.config new/ocserv-0.12.3/tests/data/test-haproxy-connect.config --- old/ocserv-0.12.2/tests/data/test-haproxy-connect.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-haproxy-connect.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,7 +5,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" -isolate-workers = false +isolate-workers = @ISOLATE_WORKERS@ max-ban-score = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-iroute.config new/ocserv-0.12.3/tests/data/test-iroute.config --- old/ocserv-0.12.2/tests/data/test-iroute.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-iroute.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-multi-cookie.config new/ocserv-0.12.3/tests/data/test-multi-cookie.config --- old/ocserv-0.12.2/tests/data/test-multi-cookie.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-multi-cookie.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-otp-cert.config new/ocserv-0.12.3/tests/data/test-otp-cert.config --- old/ocserv-0.12.2/tests/data/test-otp-cert.config 2018-03-03 15:03:55.000000000 +0100 +++ new/ocserv-0.12.3/tests/data/test-otp-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[passwd=@SRCDIR@/data/test-otp.passwd,otp=@OTP_FILE@]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-otp.config new/ocserv-0.12.3/tests/data/test-otp.config --- old/ocserv-0.12.2/tests/data/test-otp.config 2018-03-03 15:04:03.000000000 +0100 +++ new/ocserv-0.12.3/tests/data/test-otp.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[passwd=@SRCDIR@/data/test-otp.passwd,otp=@OTP_FILE@]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pam-noauth.config new/ocserv-0.12.3/tests/data/test-pam-noauth.config --- old/ocserv-0.12.2/tests/data/test-pam-noauth.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-pam-noauth.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test-pam.passwd]" acct = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pam.config new/ocserv-0.12.3/tests/data/test-pam.config --- old/ocserv-0.12.2/tests/data/test-pam.config 2018-09-22 21:11:07.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-pam.config 2019-01-30 19:01:35.000000000 +0100 @@ -4,6 +4,8 @@ #auth = "certificate" auth = "pam[gid-min=1000]" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pass-opt-cert.config new/ocserv-0.12.3/tests/data/test-pass-opt-cert.config --- old/ocserv-0.12.2/tests/data/test-pass-opt-cert.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-pass-opt-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ enable-auth = "certificate" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-pass-script.config new/ocserv-0.12.3/tests/data/test-pass-script.config --- old/ocserv-0.12.2/tests/data/test-pass-script.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-pass-script.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-rsa-pss.config new/ocserv-0.12.3/tests/data/test-rsa-pss.config --- old/ocserv-0.12.2/tests/data/test-rsa-pss.config 2018-04-13 22:49:23.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-rsa-pss.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + max-ban-score = 0 # A banner to be displayed on clients diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-san-cert.config new/ocserv-0.12.3/tests/data/test-san-cert.config --- old/ocserv-0.12.2/tests/data/test-san-cert.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-san-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-sighup-key-change.config new/ocserv-0.12.3/tests/data/test-sighup-key-change.config --- old/ocserv-0.12.2/tests/data/test-sighup-key-change.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-sighup-key-change.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-sighup.config new/ocserv-0.12.3/tests/data/test-sighup.config --- old/ocserv-0.12.2/tests/data/test-sighup.config 2018-04-15 17:25:24.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-sighup.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-stress.config new/ocserv-0.12.3/tests/data/test-stress.config --- old/ocserv-0.12.2/tests/data/test-stress.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-stress.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-traffic.config new/ocserv-0.12.3/tests/data/test-traffic.config --- old/ocserv-0.12.2/tests/data/test-traffic.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-traffic.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,7 +5,7 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" -isolate-workers = false +isolate-workers = @ISOLATE_WORKERS@ max-ban-score = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-cert.config new/ocserv-0.12.3/tests/data/test-user-cert.config --- old/ocserv-0.12.2/tests/data/test-user-cert.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-user-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-config.config new/ocserv-0.12.3/tests/data/test-user-config.config --- old/ocserv-0.12.2/tests/data/test-user-config.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-user-config.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[./data/test1.passwd]" #auth = "pam" +isolate-workers = false + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-group-cert-no-pass.config new/ocserv-0.12.3/tests/data/test-user-group-cert-no-pass.config --- old/ocserv-0.12.2/tests/data/test-user-group-cert-no-pass.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-user-group-cert-no-pass.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[@SRCDIR@/data/test-group.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + select-group = group1 select-group = group2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-user-group-cert.config new/ocserv-0.12.3/tests/data/test-user-group-cert.config --- old/ocserv-0.12.2/tests/data/test-user-group-cert.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-user-group-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test-group.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + select-group = group1 select-group = group2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test-vhost-pass-cert.config new/ocserv-0.12.3/tests/data/test-vhost-pass-cert.config --- old/ocserv-0.12.2/tests/data/test-vhost-pass-cert.config 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test-vhost-pass-cert.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[passwd=@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test1.config new/ocserv-0.12.3/tests/data/test1.config --- old/ocserv-0.12.2/tests/data/test1.config 2018-11-18 19:39:43.000000000 +0100 +++ new/ocserv-0.12.3/tests/data/test1.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + max-ban-score = 0 # A banner to be displayed on clients diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/data/test3.config new/ocserv-0.12.3/tests/data/test3.config --- old/ocserv-0.12.2/tests/data/test3.config 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/data/test3.config 2019-01-30 19:01:35.000000000 +0100 @@ -5,6 +5,8 @@ #auth = "plain[@SRCDIR@/data/test1.passwd]" #auth = "pam" +isolate-workers = @ISOLATE_WORKERS@ + # A banner to be displayed on clients #banner = "Welcome" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/lz4-compression new/ocserv-0.12.3/tests/lz4-compression --- old/ocserv-0.12.2/tests/lz4-compression 2018-04-15 21:13:39.000000000 +0200 +++ new/ocserv-0.12.3/tests/lz4-compression 2019-03-12 21:13:35.000000000 +0100 @@ -110,7 +110,7 @@ ${CMDNS2} nuttcp -1 -${CMDNS1} ping -c 3 ${VPNADDR6} +${CMDNS1} ping -6 -c 3 ${VPNADDR6} echo " * Receiving with nuttcp" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/lzs-compression new/ocserv-0.12.3/tests/lzs-compression --- old/ocserv-0.12.2/tests/lzs-compression 2018-04-15 21:13:39.000000000 +0200 +++ new/ocserv-0.12.3/tests/lzs-compression 2019-03-12 21:13:35.000000000 +0100 @@ -110,7 +110,7 @@ ${CMDNS2} nuttcp -1 -${CMDNS1} ping -c 3 ${VPNADDR6} +${CMDNS1} ping -6 -c 3 ${VPNADDR6} echo " * Receiving with nuttcp" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/no-dtls-cipher new/ocserv-0.12.3/tests/no-dtls-cipher --- old/ocserv-0.12.2/tests/no-dtls-cipher 1970-01-01 01:00:00.000000000 +0100 +++ new/ocserv-0.12.3/tests/no-dtls-cipher 2019-01-19 19:47:50.000000000 +0100 @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +# This tests support for anyconnect's DTLS1.2 support + +PKG_CONFIG="${PKG_CONFIG:-/usr/bin/pkg-config}" +CIPHER_NAME="UNKNOWN" +GNUTLS_NAME="" + +. cipher-common.sh + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/oc-aes128-gcm-cipher new/ocserv-0.12.3/tests/oc-aes128-gcm-cipher --- old/ocserv-0.12.2/tests/oc-aes128-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 +++ new/ocserv-0.12.3/tests/oc-aes128-gcm-cipher 2019-01-19 19:47:50.000000000 +0100 @@ -0,0 +1,27 @@ +#!/bin/bash +# +# Copyright (C) 2018 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +# This tests operation/traffic under compression (lzs or lz4). + +CIPHER_NAME="OC-DTLS1_2-AES128-GCM" +GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-128-GCM)" + +. cipher-common.sh + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/oc-aes256-gcm-cipher new/ocserv-0.12.3/tests/oc-aes256-gcm-cipher --- old/ocserv-0.12.2/tests/oc-aes256-gcm-cipher 1970-01-01 01:00:00.000000000 +0100 +++ new/ocserv-0.12.3/tests/oc-aes256-gcm-cipher 2019-01-19 19:47:50.000000000 +0100 @@ -0,0 +1,27 @@ +#!/bin/bash +# +# Copyright (C) 2018 Nikos Mavrogiannopoulos +# +# This file is part of ocserv. +# +# ocserv is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at +# your option) any later version. +# +# ocserv is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +# This tests operation/traffic under compression (lzs or lz4). + +CIPHER_NAME="OC-DTLS1_2-AES256-GCM" +GNUTLS_NAME="(DTLS1.2)-(RSA)-(AES-256-GCM)" + +. cipher-common.sh + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/test-config-per-group new/ocserv-0.12.3/tests/test-config-per-group --- old/ocserv-0.12.2/tests/test-config-per-group 2019-01-06 18:53:51.000000000 +0100 +++ new/ocserv-0.12.3/tests/test-config-per-group 2019-03-12 21:13:35.000000000 +0100 @@ -89,7 +89,7 @@ set -e ${CMDNS1} ping -c 3 ${VPNADDR} >/dev/null 2>&1 -${CMDNS1} ping -c 3 ${VPNADDR6} >/dev/null 2>&1 +${CMDNS1} ping -6 -c 3 ${VPNADDR6} >/dev/null 2>&1 set +e ${OCCTL} -s ${OCCTL_SOCKET} show users|grep ${USERNAME} @@ -137,7 +137,7 @@ set -e ${CMDNS1} ping -c 3 ${VPNADDR} >/dev/null 2>&1 -${CMDNS1} ping -c 3 ${VPNADDR6} >/dev/null 2>&1 +${CMDNS1} ping -6 -c 3 ${VPNADDR6} >/dev/null 2>&1 set +e ${OCCTL} -s ${OCCTL_SOCKET} show users|grep ${USERNAME} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/test-cookie-timeout new/ocserv-0.12.3/tests/test-cookie-timeout --- old/ocserv-0.12.2/tests/test-cookie-timeout 2018-01-06 08:54:46.000000000 +0100 +++ new/ocserv-0.12.3/tests/test-cookie-timeout 2019-01-19 13:42:35.000000000 +0100 @@ -51,7 +51,7 @@ fi CPID=`cat "${PIDFILE}"` -kill $CPID +kill -9 $CPID rm -f "${PIDFILE}" sleep 16 @@ -81,7 +81,7 @@ fi CPID=`cat "${PIDFILE}"` -kill $CPID +kill -9 $CPID rm -f "${PIDFILE}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/test-pass-cert new/ocserv-0.12.3/tests/test-pass-cert --- old/ocserv-0.12.2/tests/test-pass-cert 2017-09-09 10:34:02.000000000 +0200 +++ new/ocserv-0.12.3/tests/test-pass-cert 2019-01-30 19:01:35.000000000 +0100 @@ -22,6 +22,7 @@ srcdir=${srcdir:-.} NO_NEED_ROOT=1 PORT=4445 +ISOLATE_WORKERS=false . `dirname $0`/common.sh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/tests/traffic new/ocserv-0.12.3/tests/traffic --- old/ocserv-0.12.2/tests/traffic 2018-04-14 09:52:35.000000000 +0200 +++ new/ocserv-0.12.3/tests/traffic 2019-03-12 21:13:35.000000000 +0100 @@ -108,7 +108,7 @@ ${CMDNS2} nuttcp -1 -${CMDNS1} ping -c 3 ${VPNADDR6} +${CMDNS1} ping -6 -c 3 ${VPNADDR6} echo " * Receiving with nuttcp"