GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,278 Commits 19 Branches 88 Tags
770c4202f56e479fa9cbe0e39335e6eefb9c2a33
Commit Graph

147 Commits

Author SHA1 Message Date
Alan Jowett
770c4202f5 Provide option to suppress tests that depend on /dev/net/tun 
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-07-08 14:31:35 -06:00
Nikos Mavrogiannopoulos
1dacbb13a7 tests: added test cases for no-route in group and main configuration 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-30 10:38:44 +02:00
Nikos Mavrogiannopoulos
3a8e280a92 translate labels to groups when provided by client 
This addresses issues with anyconnect clients which send back the descriptive labels.

Resolves #267

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-21 22:24:17 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up 
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests 
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-04-10 23:06:07 +02:00
Nikos Mavrogiannopoulos
9246431590 tests: radius tests are not run when radius is disabled 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-04-08 19:25:56 +02:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
5e817d3d60 tests: added test to test match-tls-dtls-ciphers config option 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-03-12 17:01:01 +01:00
Nikos Mavrogiannopoulos
5097604d4d tests: added test for PSK-NEGOTIATE ciphers 
Relates: #262

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-03-12 13:23:06 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv 
This permits the validation of OpenID Connect auth tokens OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
 2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
ebe7c3bfb4 tests: added test to check whether server blocks if script blocks 
This test verifies that the server will continue to operate
even if the up script will block indefinitely.

Resolves: #241

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-07 22:46:21 +01:00
Nikos Mavrogiannopoulos
55d5af2ebc check_multiple_users: do not account disconnected ones 
When max-same-clients is set to 1 and a user re-using a cookie
connects, check_multiple_users() would prevent the user from
reconnecting. This corrects the issue by taking into account
only valid sessions that have not yet been disconnected.

Resolves: #223

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-12-16 21:30:24 +01:00
Nikos Mavrogiannopoulos
c9e907c841 tests: replaced docker-based kerberos test case with one that runs in CI 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-11-17 14:51:21 +01:00
Lele Long
17ed47488d Add udp-listen-host option for DTLS 
This option supports different listen addresses for tcp and
udp such as haproxy for tcp, but support dtls at the same time (haproxy
does not support UDP at the moment)
 2019-09-30 09:01:55 +08:00
Nikos Mavrogiannopoulos
92b5db7b26 occtl: fix json in show status 
This removes a trailing comma from the end of the listing, and
adds a missing one.

Resolves: #220

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-09-25 20:37:16 +02:00
Alexey Dotsenko
0153172c03 tests: add radius otp test 
tests (radius-otp): add a check radcli version (atleast 1.2.7), since debian uses version
1.2.6, which does not support Access-Challenge server response.

tests: show debug messages only in VERBOSE mode

tests (radius-otp): replace test for option max_challenge to macro MAX_CHALLENGE

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
 2019-06-24 17:25:44 +03:00
Nikos Mavrogiannopoulos
15380220ac tests: rewrite the radius tests using namespaces 
This simplifies the test and makes it runnable in our CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
e0f847b984 worker: added safety check for selected DTLS ciphersuite prior to use 
This avoids a crash when no DTLS ciphersuite is selected and adds a
test case for negotiation without DTLS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
7fc4e0d0ee tests: added tests for anyconnect's DTLS1.2 support 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 18:19:09 +01:00
Nikos Mavrogiannopoulos
2dfa37784d tests: moved server-cert-rsa-pss to dist_check_scripts 
The gnutls included in distributions is expected to work well
with RSA-PSS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
b181f20a2e tests: added functionality test for config-per-group 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-11-18 21:06:22 +01:00
Nikos Mavrogiannopoulos
3a330b8d85 tests: added unit tests for AES-128-GCM and AES-256-GCM 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-20 22:06:11 +02:00
Nikos Mavrogiannopoulos
579cfc0ead Added support for AES-256-CBC 
This enables support for AES-256 for anyconnect clients which
do not support AES-GCM. Also prioritized the 256-bit ciphers
higher than the 128-bit ones.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-20 21:58:49 +02:00
Nikos Mavrogiannopoulos
9ca7da7689 added missing file 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-05-12 08:20:59 +02:00
Nikos Mavrogiannopoulos
a65b3444cb tests: ship missing test [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2018-04-23 11:13:13 +02:00
Nikos Mavrogiannopoulos
4111f598b8 tests: separated compression tests to lzs and lz4 
That allows testing both code paths separately.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:25:27 +02:00
Nikos Mavrogiannopoulos
432c12dcce tests: added test to unit test the maintenance cycle 
This allows to catch issues like crashes late in the server
operation as in #149

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 09:25:51 +02:00
Nikos Mavrogiannopoulos
90b3c439fb tests: server-cert-rsa-pss moved to xfail set 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:22:46 +02:00
Nikos Mavrogiannopoulos
158b099c9f tests: added test with compression enabled 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-06 06:53:27 +02:00
Nikos Mavrogiannopoulos
265e30dab7 tests: full-test was moved into traffic test 
The new traffic test only requires namespaces and no docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 20:06:27 +02:00
Nikos Mavrogiannopoulos
490a201826 haproxy-connect: split into lib 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 18:59:41 +02:00
Nikos Mavrogiannopoulos
86fe0fc457 tests: added check with haproxy connection 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-04 07:22:49 +02:00
Nikos Mavrogiannopoulos
63b7e81e87 tests: added test with proxy-protocol 
That tests operation under haproxy with proxy-protocol without docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos
0de68ef4b1 tests: added reproducer for #141 
This tests whether more than 128 options can be read in
routes or dns fields.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:28:24 +01:00
Nikos Mavrogiannopoulos
5d0205332d tests: introduced test program to check basic vhost functionality 
This checks whether connecting to different virtual hosts
with different authentication methods works.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-06 20:42:33 +01:00
Nikos Mavrogiannopoulos
ba6921ed9a Introduced the notion of virtual hosts 
This provides virtualized server configurations which take
effect after client connection when client hello is received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-06 20:42:31 +01:00
Nikos Mavrogiannopoulos
15fd4c9fbb tests: introduced tests with gssapi falling back to pass or certs 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:31:55 +01:00
Nikos Mavrogiannopoulos
4ecfed7ed0 tests: added check cert or pass auth 
This is the similar to the test case (test-pass-opt-cert) of pass or cert,
but in that case the certificate method is set as primary.

Relates #108

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
30d4b4e677 test-pass-opt-cert: modified not to require root access 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
66f9f97d1d test: replaced docker otp-test with cwrap test-otp 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:00:09 +01:00
Nikos Mavrogiannopoulos
00c6f566cb tests: introduced test with OTP-password and certificate auth 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 14:38:19 +01:00
Daniel Lenski
fbdf8f875e Make escape_url() percent-escape fewer characters and escape ' ' as '+' 
Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-', '_',
'.', '~', need to be escaped anywhere in a URL or query string.
 2018-01-13 13:11:33 -08:00
Daniel Lenski
38ebf44620 tests for unescaping decimal HTML escapes and '+' in URLs 2018-01-13 12:56:59 -08:00
Nikos Mavrogiannopoulos
b5d77da7f4 Separate root from docker tests 
This allows running the root tests under CI, even if the
docker tests (which cannot be run) are not.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-09-09 11:27:35 +02:00
Nikos Mavrogiannopoulos
8eafacf2a9 tests: test-gssapi is now run as non-root 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2017-09-09 10:51:42 +02:00
Nikos Mavrogiannopoulos
077e16e36d tests: check server functionality with Ed25519/RSA-PSS certs 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
37f8ebc8c9 tests: added unit test for proxy protocol v1 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-03-28 08:15:35 +02:00
Nikos Mavrogiannopoulos
0c18e122e6 tests: added check for proxy protocol v1 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-03-28 08:11:53 +02:00
Nikos Mavrogiannopoulos
83bea71e38 tests: added unit test for cstp_recv_nb() 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-03-24 20:07:47 +01:00
Nikos Mavrogiannopoulos
6986a97d12 tests: added missing file to dist files 2017-02-12 10:19:02 +01:00