[Swan-dev] test cases to look into before release

Andrew Cagney andrew.cagney at gmail.com
Thu Jan 24 14:50:20 UTC 2019


On Thu, 24 Jan 2019 at 00:06, Paul Wouters <paul at nohats.ca> wrote:
>
> On Mon, 21 Jan 2019, Paul Wouters wrote:
>
> > - ikev2-26-keyingtries
>
> Fixed - it used the wrong EVENT type

Yea, that code is pretty messed up (and it always used the wrong
event).  Unfortunately the change poked the IKE vs CHILD switch
monster.  We now see:

 002 "nss-cert-incorrect" #4: Peer public key SubjectAltName does not
match peer ID for this connection
 002 "nss-cert-incorrect" #4: X509: CERT payload does not match connection ID
 224 "nss-cert-incorrect" #4: STATE_PARENT_I2: v2N_AUTHENTICATION_FAILED
-002 "nss-cert-incorrect" #4: deleting other state #4
(STATE_PARENT_I2) and NOT sending notification
-002 "nss-cert-incorrect" #3: deleting state (STATE_PARENT_I2) and NOT
sending notification
-west #
+002 "nss-cert-incorrect" #5: initiating v2 parent SA to replace #3
+133 "nss-cert-incorrect" #5: STATE_PARENT_I0: initiate, replacing #3
+031 "nss-cert-incorrect" #4: STATE_PARENT_I2: 60 second timeout
exceeded after 0 retransmits.  Possible authentication failure: no
acceptable response to our first encrypted message
+000 "nss-cert-incorrect" #4: starting keying attempt 2 of an
unlimited number, but releasing whack
+133 "nss-cert-incorrect" #5: STATE_PARENT_I1: sent v2I1, expected v2R1
+*** exception running script westrun.sh ***

https://testing.libreswan.org/v3.27-663-gd1dfedaf7-master/nss-cert-08-mismatch/OUTPUT/west.console.diff


More information about the Swan-dev mailing list