/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 certutil -D -n east -d sql:/etc/ipsec.d
west #
 ipsec start
Redirecting to: [initsystem]
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add san
002 added connection description "san"
west #
 echo "initdone"
initdone
west #
 ipsec whack --impair delete-on-retransmit
west #
 # this should fail
west #
 ipsec auto --up san
002 "san" #1: initiating Aggressive Mode
002 "san" #1: I am sending a certificate request
1v1 "san" #1: STATE_AGGR_I1: initiate
002 "san" #1: Peer ID is ID_USER_FQDN: 'user-east@testing.libreswan.org'
003 "san" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification
003 "san" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure.
002 "san" #1: X509: Certificate rejected for this connection
002 "san" #1: X509: CERT payload bogus or revoked
003 "san" #1: initial Aggressive Mode packet claiming to be from user-east@testing.libreswan.org on 192.1.2.23:500 but no connection has been authorized
218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION
002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500
002 "san" #1: IMPAIR: retransmit so deleting SA
002 "san" #1: deleting state (STATE_AGGR_I1) and NOT sending notification
west #
 echo "done"
done
west #
 # confirm the right ID types were sent/received
west #
 grep "ID type" /tmp/pluto.log | sort | uniq
|    ID type: ID_USER_FQDN (0x3)
west #
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi