/testing/guestbin/swan-prep --x509 --x509name notyetvalid
Preparing X.509 files
west #
 certutil -d sql:/etc/ipsec.d -D -n east
west #
 ipsec _stackmanager start
west #
 mkdir -p /var/run/pluto
west #
 # set a time in the future so notyetvalid and east certs are valid here
west #
 faketime -f +370d ipsec pluto  --config /etc/ipsec.conf
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 # if faketime works, adding conn should not give a warning about cert
west #
 ipsec auto --add nss-cert
002 added connection description "nss-cert"
west #
 echo "initdone"
initdone
west #
 ipsec whack --impair suppress-retransmits
west #
 ipsec auto --up nss-cert
002 "nss-cert" #1: initiating Main Mode
1v1 "nss-cert" #1: STATE_MAIN_I1: initiate
1v1 "nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "nss-cert" #1: I am sending my cert
002 "nss-cert" #1: I am sending a certificate request
1v1 "nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "nss-cert" #1: ignoring informational payload INVALID_KEY_INFORMATION, msgid=00000000, length=12
003 "nss-cert" #1: received and ignored informational message
002 "nss-cert" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set
031 "nss-cert" #1: max number of retransmissions (0) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
002 "nss-cert" #1: deleting state (STATE_MAIN_I3)
west #
 echo done
done
west #
 # will only show up on east - note "expired" is wrong and should be "not yet valid"
west #
 grep "ERROR" /tmp/pluto.log
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi