[Swan-dev] ikev2-x509-02-eku

D. Hugh Redelmeier hugh at mimosa.com
Fri Feb 8 05:32:44 UTC 2019


The test is still failing.  The same way.

My guests have NSS 3.41.

My host has 3.39.  Could that matter?  How?

| From: Paul Wouters <paul at nohats.ca>
| Date: Sat, 2 Feb 2019 21:57:42 -0500 (EST)
| 
| On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
| 
| > Subject: [Swan-dev] ikev2-x509-02-eku
| > 
| > This failed for me last night.
| >
| > +002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request
| > rejected by peer: AUTHENTICATION_FAILED
| 
| Seems due to:
| 
| "ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate
| for attempted operation.
| 
| I guess you are not using the latest nss 3.41 ?
| 
| Maybe run a yum update in your guests?
| Easiest is to bring up east, west and nic
| 
| ssh root at nic and issue /testing/guestbin/nic-internet
| 
| Then ssh into west and east and run yum update
| 
| with nss 3.39 the test fails. with 3.41 it passes.


More information about the Swan-dev mailing list