On 13 March 2017 at 13:13, Andrew Cagney <[email protected]> wrote: > On 12 March 2017 at 19:21, Paul Wouters <[email protected]> wrote: >> >> Recently got a code fix to get it to pass, but needs updatin. >> >>> 0 230 230 nss-cert-nosecret >>> 0 230 230 nss-cert-ocsp-01-strict >>> 0 230 230 nss-cert-ocsp-02 >>> 0 230 230 nss-cert-ocsp-02-ikev2 >>> 0 230 230 nss-cert-ocsp-03-strict >>> 0 230 230 nss-cert-ocsp-04 >>> 0 230 230 nss-cert-ocsp-05-strict >>> 0 230 230 nss-cert-ocsp-06 >>> 0 230 230 nss-cert-ocsp-07-nourl >> >> >> Some people show a weird ocspd problem on nic. Some people have >> no ocspd on nic :P > > Yes, I noticed. I've rebuilt testing.libreswan.org and some of these > have started passing. I'll wait a few days for the effects to flow > through and post an update.
Rebuilding the domains installing ocspd helped; more tests pass. For others, I see messages like: http://testing.libreswan.org/results/testing/3.20-28-g41be757-master/nss-cert-ocsp-01-strict/OUTPUT/nic.console.diff --- MASTER/nss-cert-ocsp-01-strict/nic.console.txt +++ OUTPUT/nss-cert-ocsp-01-strict/nic.console.txt @@ -14,8 +14,4 @@ initdone nic # journalctl --no-pager -b -xn -u ocspd.service | egrep "status|request" | sed "s/^.*: //" -request for certificate serial 2 -status VALID for 2 -request for certificate serial 4 -status VALID for 4 for instance. The log line looks like: [cagney@bernard master]$ make kvmsh-nic [root@nic nss-cert-ocsp-01-strict]# journalctl --no-pager -b -xn -u ocspd.service -- Logs begin at Wed 2017-03-15 17:08:50 EDT, end at Wed 2017-03-22 10:16:23 EDT. -- Mar 22 10:16:21 nic systemd[1]: Starting OpenCA OCSP Responder... -- Subject: Unit ocspd.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit ocspd.service has begun starting up. Mar 22 10:16:21 nic ocspd[1750]: OpenCA OCSPD v1.9.0 - starting. Mar 22 10:16:21 nic systemd[1]: PID file /var/run/ocspd.pid not readable (yet?) after start. Mar 22 10:16:21 nic systemd[1]: Started OpenCA OCSP Responder. -- Subject: Unit ocspd.service has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit ocspd.service has finished starting up. -- -- The start-up result is done. Mar 22 10:16:23 nic ocspd[1751]: ERROR::Can not parse REQ [root@nic nss-cert-ocsp-01-strict]# so I don't think it is a test race. Anyone understand ocspd? _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
