On 24 June 2015 at 14:52, Paul Wouters p...@nohats.ca wrote:
On Wed, 24 Jun 2015, Andrew Cagney wrote:
Why did you pick east as the one to do the work on?
It's completely arbitrary. The VMs are identical.
Note we would need to update the kickstart file for pyOpenSSL
and opssibly other
I hadn't gotten to that yet, but also I think you must first migrate NSS using
ipsec --checknss or else modutil will be undone. Also use swanprep --fips to
create required files
Sent from my iPhone
On Jun 24, 2015, at 17:40, Andrew Cagney andrew.cag...@gmail.com wrote:
I'd like to do some
I'd like to do some testing in true fips mode; no hacks or some such.
I suspect I need to do two things:
- boot the kernel in fips mode
- configure the NSS database directory so that it also goes into fips mode
Andrew
PS: I'm going by this:
| From: Andrew Cagney andrew.cag...@gmail.com
| This doesn't seem like a reason for retaining the old shell scripts -
| they are so far behind that they don't even generate all the required
| keys. BTW, best place to run dist_certs.py is on one of the test VMs
| (see make kvm-keys), and not on a
On June 24, 2015 11:34:53 AM EDT, D. Hugh Redelmeier h...@mimosa.com wrote:
| From: Andrew Cagney andrew.cag...@gmail.com
| This doesn't seem like a reason for retaining the old shell scripts -
| they are so far behind that they don't even generate all the required
| keys. BTW, best place to
On 24 June 2015 at 11:34, D. Hugh Redelmeier h...@mimosa.com wrote:
| From: Andrew Cagney andrew.cag...@gmail.com
| This doesn't seem like a reason for retaining the old shell scripts -
| they are so far behind that they don't even generate all the required
| keys. BTW, best place to run
On 24 June 2015 at 12:06, Matt Rogers mrog...@0x83.com wrote:
In the new certificate tests I made them always launch nic, to use it as the
ocsp and crl server available regardless of the vpn status. So I say we can
make nic flexible with its configuration, and let that handle cert
I don't think it is guaranteed that nic boots and runs the creation script
before the other VMs boot. It would add a slowdown if they do
Sent from my iPhone
On Jun 24, 2015, at 13:06, Matt Rogers mrog...@0x83.com wrote:
On June 24, 2015 11:34:53 AM EDT, D. Hugh Redelmeier
On Wed, 24 Jun 2015, Andrew Cagney wrote:
Why did you pick east as the one to do the work on?
It's completely arbitrary. The VMs are identical.
Note we would need to update the kickstart file for pyOpenSSL
and opssibly other pacakges for the guests. I don't really see
a good reason to