[Swan-dev] please look at nss-cert-crl-03-strict

Paul Wouters paul at nohats.ca
Mon Jul 23 19:59:12 UTC 2018

On Wed, 18 Jul 2018, D. Hugh Redelmeier wrote:

> Date: Wed, 18 Jul 2018 20:13:22
> From: D. Hugh Redelmeier <hugh at mimosa.com>
> To: Libreswan Development List <swan-dev at lists.libreswan.org>
> Subject: [Swan-dev] please look at nss-cert-crl-03-strict
> An inaccurate message has disappeared.  But an accurate message did not
> replace it.  This seems suspicious.
>  # will only show up on east - note "expired" is wrong and should be "not yet valid"
> east #
>  grep "ERROR" /tmp/pluto.log
> -"nss-cert" #1: ERROR: Peer's Certificate has expired.
> east #
> east #
>  ../bin/check-for-core.sh

Same issue, we update the CRL before we can show the error on it. I will
try and add an impair for this.


More information about the Swan-dev mailing list