/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 ipsec certutil -D -n east
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec auto --add nss-cert
"nss-cert": added IKEv2 connection
west #
 echo "initdone"
initdone
west #
 ipsec whack --impair suppress_retransmits
west #
 ipsec whack --impair revival
west #
 # This is expected to fail because remote cert is not yet valid.
west #
 ipsec auto --up nss-cert
"nss-cert" #1: initiating IKEv2 connection to 192.1.2.23 using UDP
"nss-cert" #1: sent IKE_SA_INIT request to 192.1.2.23:UDP/500
"nss-cert" #1: processed IKE_SA_INIT response from 192.1.2.23:UDP/500 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}, initiating IKE_AUTH
"nss-cert" #1: sent IKE_AUTH request to 192.1.2.23:UDP/500
"nss-cert" #1: NSS: ERROR: IPsec certificate E=user-notyetvalid@testing.libreswan.org,CN=notyetvalid.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA invalid: SEC_ERROR_EXPIRED_CERTIFICATE: Peer's Certificate has expired.
"nss-cert" #1: X509: certificate payload rejected for this connection
"nss-cert" #1: encountered fatal error in state STATE_V2_PARENT_I2
"nss-cert" #2: connection is supposed to remain up; revival attempt 1 scheduled in 0 seconds
"nss-cert" #2: IMPAIR: revival: skip scheduling revival event
"nss-cert" #1: deleting IKE SA (sent IKE_AUTH request)
west #
 echo done
done
west #
 # only expected to show failure on west
west #
 grep "certificate payload rejected" /tmp/pluto.log
"nss-cert" #1: X509: certificate payload rejected for this connection
west #
 
