/testing/guestbin/swan-prep --x509
Preparing X.509 files
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# certutil -d sql:/etc/ipsec.d -D -n east
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Redirecting to: /etc/init.d/ipsec start
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
Starting pluto IKE daemon for IPsec: 
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# /testing/pluto/bin/wait-until-pluto-started
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec auto --add nss-cert
002 added connection description "nss-cert"
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# echo "initdone"
initdone
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec whack --impair delete-on-retransmit
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # This is expected to fail because remote cert is not yet valid.
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # It should return whack but it does not?
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec auto --up nss-cert
002 "nss-cert" #1: initiating Main Mode
102 "nss-cert" #1: STATE_MAIN_I1: initiate
002 "nss-cert" #1: IMPAIR: retransmit so deleting SA
002 "nss-cert" #1: deleting state (STATE_MAIN_I1) aged 15.014s and NOT sending notification
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# echo done
done
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # only expected to show failure on west
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# grep "ERROR" /tmp/pluto.log
"nss-cert" #1: ERROR: asynchronous network error report on eth1 (192.1.2.45:500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
"nss-cert" #2: ERROR: asynchronous network error report on eth1 (192.1.2.45:500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# 
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# : ==== cut ====
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# : ==== tuc ====
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ../bin/check-for-core.sh
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi
type=AVC msg=audit(1566826258.395:237099): avc:  denied  { write } for  pid=21076 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=581795926 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
type=AVC msg=audit(1566826260.256:237152): avc:  denied  { write } for  pid=21892 comm="ip" path="/tmp/pluto.log" dev="dm-0" ino=70922259 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:container_file_t:s0:c718,c778 tclass=file permissive=1
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# : ==== end ====
kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]#