[Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

[Tomas France]

So far my findings:

I have been able to upgrade the nss version, although not sure if done
properly. However, the problem does not seem to be caused by the NSS
version, at least not directly.

certutil - L

triggers the same error on both the Centos 5 server where libreswan does not
work properly (yet), as well as on another Centos 5 server but also on the
Centos 6 server where it all works just fine.

Trying to google more information with very limited success.

Tomas



-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca] 
Sent: Friday, September 25, 2015 8:40 PM
To: Tomas France
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

On Fri, 25 Sep 2015, Tomas France wrote:

> Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 
> 5
> 
> The prelink trick worked, it's all "green" now.
>
> However, both the "ipsec checknss" and "ipsec initnss" commands result 
> in the mentioned error. See below:
>
> ---------------------------------------
> [root at fr4 logs]# ipsec checknss
> Initializing NSS database
> See 'man pluto' if you want to protect the NSS database with a 
> password
>
> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The 
> certificate/key database is in an old, unsupported format.
> Failed to initialize nss database sql:/etc/ipsec.d

Looks like the RHEL5 version of nss does not support the sql format? I guess
you should grab the nss srpm of centos6 and recompile for centos5

Paul