/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 certutil -D -n east -d sql:/etc/ipsec.d
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add san
002 added connection description "san"
west #
 echo "initdone"
initdone
west #
 ipsec whack --impair suppress-retransmits
west #
 # this should succeed
west #
 ipsec auto --up san
002 "san" #1: initiating v2 parent SA
1v2 "san" #1: initiate
1v2 "san" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
1v2 "san" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
002 "san" #2: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
003 "san" #2: ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' does not match expected 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=NOTeast.testing.libreswan.org, E=user-NOTeast@testing.libreswan.org'
002 "san" #2: Peer public key SubjectAltName does not match peer ID for this connection
002 "san" #2: X509: CERT payload does not match connection ID
west #
 echo "done"
done
west #
 # confirm the right ID types were sent/received
west #
 grep "ID type" /tmp/pluto.log
|    ID type: ID_DER_ASN1_DN (0x9)
|    ID type: ID_DER_ASN1_DN (0x9)
|    ID type: ID_DER_ASN1_DN (0x9)
west #
 grep "RSA authentication failed" /tmp/pluto.log
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi