[Swan-dev] generating x509 certificates

Andrew Cagney andrew.cagney at gmail.com
Tue Feb 3 17:13:52 EET 2015


Hi,

I've hit a few problems when trying to run the tests that require
certificates.  The main one is that the script dist_certs fails as
openssl (Fedora release 20 (Heisenbug) at least) doesn't like
generating the bad certificate:

The organizationName field needed to be the same in the
CA certificate (Libreswan) and the request (Traitors Inc)

Look for the command:

openssl ca -batch -in reqs/wrongdnorg.req -startdate ...

Perhaps I'm instead meant to run dist_certs.py?  This, however, lends
itself to the other problem:  dist_certs (not dist_certs.py) is run by
testing/libvirt/install.sh.  The script (which ever it is) should be
run as part of pluto's make check.

Andrew


More information about the Swan-dev mailing list