/testing/guestbin/swan-prep --x509 Preparing X.509 files kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# certutil -d sql:/etc/ipsec.d -D -n east kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec start Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Error: Peer netns reference is invalid. Redirecting to: namespaces direct start via ipsec pluto kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# /testing/pluto/bin/wait-until-pluto-started kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec auto --add nss-cert 002 added connection description "nss-cert" kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# echo "initdone" initdone kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec whack --impair delete-on-retransmit kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # This is expected to fail because remote cert is not yet valid. kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # It should return whack but it does not? kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ipsec auto --up nss-cert 002 "nss-cert" #1: initiating Main Mode 102 "nss-cert" #1: STATE_MAIN_I1: initiate 002 "nss-cert" #1: IMPAIR: retransmit so deleting SA 002 "nss-cert" #1: deleting state (STATE_MAIN_I1) aged 15.016s and NOT sending notification kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# echo done done kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# # only expected to show failure on west kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# grep "ERROR" /tmp/pluto.log "nss-cert" #1: ERROR: asynchronous network error report on eth1 (192.1.2.45:500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] "nss-cert" #2: ERROR: asynchronous network error report on eth1 (192.1.2.45:500) for message to 192.1.2.23 port 500, complainant 192.1.2.23: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# : ==== cut ==== kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# : ==== tuc ==== kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# ../bin/check-for-core.sh kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder]# if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi kroot@swantest:/home/build/libreswan/testing/pluto/nss-cert-10-notyetvalid-responder\[root@west nss-cert-10-notyetvalid-responder 1]# >>>>>>>>>>cutnonzeroexit>>>>>>>>>> exit status 1 final.sh 'if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi' <<<<<<<<<