--- MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt +++ OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt @@ -23,15 +23,6 @@ 002 "san" #1: I am sending a certificate request 002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds 112 "san" #1: STATE_AGGR_I1: initiate -002 "san" #1: Peer ID is ID_USER_FQDN: '[email protected]' -002 "san" #1: certificate verified OK: [email protected],CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA -003 "san" #1: No matching subjectAltName found -003 "san" #1: certificate does not contain ID_USER_FQDN [email protected] -002 "san" #1: Peer public key SubjectAltName does not match peer ID for this connection -002 "san" #1: X509: CERT payload does not match connection ID -003 "san" #1: initial Aggressive Mode packet claiming to be from [email protected] on 192.1.2.23 but no connection has been authorized -218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION -002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set 002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key 002 "san" #1: deleting state (STATE_AGGR_I1) @@ -43,7 +34,6 @@ west # grep "ID type" /tmp/pluto.log | ID type: ID_USER_FQDN (0x3) -| ID type: ID_USER_FQDN (0x3) west # west # if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv /tmp/core* OUTPUT/; fi
Looking at what was exchanged: [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log | *received 512 bytes from 192.1.2.45:500 on eth1 (port=500) | sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to 192.1.2.45:500 (using #1) [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log | sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using #1) west never sees east's 1552 byte reply (adding to my woes, my qemu images have started getting stuck in a 'device wait' (all you can do is reboot). I'm trying an older kernel to see if that prevents it :-( this is unrelated to the above) On 27 December 2017 at 17:09, Paul Wouters <[email protected]> wrote: > I’m using f27 on the host and see no issues ? Do you have an example test > case? > > Sent from my iPhone > >> On Dec 27, 2017, at 16:48, Andrew Cagney <[email protected]> wrote: >> >> Is anyone (other than me) having trouble getting the x509 tests to >> work when using F27 as the host (F22 as the guest)? Looking at the >> log it seems that the responder (east) sends a large (2k) packet but >> west (the initiator) never sees it? >> >> Andrew >> _______________________________________________ >> Swan-dev mailing list >> [email protected] >> https://lists.libreswan.org/mailman/listinfo/swan-dev > _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
