[Swan-dev] ikev2-x509-02-eku
D. Hugh Redelmeier
hugh at mimosa.com
Fri Feb 8 05:32:44 UTC 2019
The test is still failing. The same way.
My guests have NSS 3.41.
My host has 3.39. Could that matter? How?
| From: Paul Wouters <paul at nohats.ca>
| Date: Sat, 2 Feb 2019 21:57:42 -0500 (EST)
|
| On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
|
| > Subject: [Swan-dev] ikev2-x509-02-eku
| >
| > This failed for me last night.
| >
| > +002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request
| > rejected by peer: AUTHENTICATION_FAILED
|
| Seems due to:
|
| "ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate
| for attempted operation.
|
| I guess you are not using the latest nss 3.41 ?
|
| Maybe run a yum update in your guests?
| Easiest is to bring up east, west and nic
|
| ssh root at nic and issue /testing/guestbin/nic-internet
|
| Then ssh into west and east and run yum update
|
| with nss 3.39 the test fails. with 3.41 it passes.
More information about the Swan-dev
mailing list