[Swan-dev] something killing raw keys in testing?

Paul Wouters paul at nohats.ca
Mon Jun 17 03:43:32 UTC 2019


[root at west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      b49f1aac9e456e7929c881973a0c6ad37f0f0350   (orphan)
[root at west linux-audit-01]# echo '@psk-west-v2 @psk-east-v2: PSK "ThisIsHereToMisMatch"' >> /etc/ipsec.secrets
[root at west linux-audit-01]# echo ': PSK "test"' >> /etc/ipsec.secrets
[root at west linux-audit-01]# ipsec start
Redirecting to: systemctl start ipsec.service
[root at west linux-audit-01]# /testing/pluto/bin/wait-until-pluto-started
[root at west linux-audit-01]# certutil -d sql:/etc/ipsec.d -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found


I'm confused about what is killing these. It does not seem to be ipsec checknss, which is called in the service file.

Anyone else seeing this?

I don't see any changes in the ipsec.service, and the keys are there
after swan-prep finished. Once pluto is started, they are gone?

Paul

