/testing/guestbin/swan-prep --x509 --x509name ../otherca/signedbyother
Preparing X.509 files
command 'PATH/bin/certutil -M -n 'Libreswan test CA for mainca - Libreswan' -d sql:/etc/ipsec.d -t 'CT,,'' failed with status 255: certutil: could not find certificate named "Libreswan test CA for mainca - Libreswan": SEC_ERROR_...
west #
 certutil -M -n 'Libreswan test CA for otherca - Libreswan' -d sql:/etc/ipsec.d/ -t 'CT,,'
west #
 certutil -D -n east -d sql:/etc/ipsec.d
west #
 certutil -D -n east-ec -d sql:/etc/ipsec.d
west #
 ipsec start
Redirecting to: [initsystem]
west #
 ../../guestbin/wait-until-pluto-started
west #
 ipsec whack --impair delete-on-retransmit
west #
 ipsec auto --add westnet-eastnet-x509-cr
002 "westnet-eastnet-x509-cr": added IKEv1 connection
west #
 echo "initdone"
initdone
west #
 # this should fail
west #
 ipsec auto --up westnet-eastnet-x509-cr
002 "westnet-eastnet-x509-cr" #1: initiating IKEv1 Main Mode connection
1v1 "westnet-eastnet-x509-cr" #1: sent Main Mode request
1v1 "westnet-eastnet-x509-cr" #1: sent Main Mode I2
002 "westnet-eastnet-x509-cr" #1: I am sending my cert
002 "westnet-eastnet-x509-cr" #1: I am sending a certificate request
1v1 "westnet-eastnet-x509-cr" #1: sent Main Mode I3
003 "westnet-eastnet-x509-cr" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
003 "westnet-eastnet-x509-cr" #1: received and ignored notification payload: INVALID_ID_INFORMATION
002 "westnet-eastnet-x509-cr" #1: IMPAIR: retransmit so deleting SA
002 "westnet-eastnet-x509-cr" #1: deleting state (STATE_MAIN_I3) and NOT sending notification
002 "westnet-eastnet-x509-cr" #1: deleting ISAKMP SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
west #
 echo done
done
west #
 ../../guestbin/ipsec-look.sh
west NOW
XFRM state:
XFRM policy:
XFRM done
IPSEC mangle TABLES
iptables filter TABLE
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ROUTING TABLES
default via 192.1.2.254 dev eth1
192.0.1.0/24 dev eth0 proto kernel scope link src 192.0.1.254
192.0.2.0/24 via 192.1.2.23 dev eth1
192.1.2.0/24 dev eth1 proto kernel scope link src 192.1.2.45
NSS_CERTIFICATES
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
Libreswan test CA for otherca - Libreswan                    CT,, 
hashsha1                                                     P,,  
nic                                                          P,,  
north                                                        P,,  
road                                                         P,,  
signedbyother                                                u,u,u
west #
 
