FYI, I filed https://bugzilla.redhat.com/show_bug.cgi?id=1530002 (qemu, the process that cannot die) which is for the other issue. Let me know if your seeing the below.
Andrew On 29 December 2017 at 13:17, Andrew Cagney <[email protected]> wrote: > --- > MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt > +++ > OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt > @@ -23,15 +23,6 @@ > 002 "san" #1: I am sending a certificate request > 002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds > 112 "san" #1: STATE_AGGR_I1: initiate > -002 "san" #1: Peer ID is ID_USER_FQDN: '[email protected]' > -002 "san" #1: certificate verified OK: > [email protected],CN=east.testing.libreswan.org,OU=Test > Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA > -003 "san" #1: No matching subjectAltName found > -003 "san" #1: certificate does not contain ID_USER_FQDN > [email protected] > -002 "san" #1: Peer public key SubjectAltName does not match peer ID > for this connection > -002 "san" #1: X509: CERT payload does not match connection ID > -003 "san" #1: initial Aggressive Mode packet claiming to be from > [email protected] on 192.1.2.23 but no connection has been > authorized > -218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION > -002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 > 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set > 002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key > 002 "san" #1: deleting state (STATE_AGGR_I1) > @@ -43,7 +34,6 @@ > west # > grep "ID type" /tmp/pluto.log > | ID type: ID_USER_FQDN (0x3) > -| ID type: ID_USER_FQDN (0x3) > west # > west # > if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv > /tmp/core* OUTPUT/; fi > > Looking at what was exchanged: > > [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' > testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log > | *received 512 bytes from 192.1.2.45:500 on eth1 (port=500) > | sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to > 192.1.2.45:500 (using #1) > [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' > testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log > | sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using > #1) > > west never sees east's 1552 byte reply > > (adding to my woes, my qemu images have started getting stuck in a > 'device wait' (all you can do is reboot). I'm trying an older kernel > to see if that prevents it :-( this is unrelated to the above) > > > On 27 December 2017 at 17:09, Paul Wouters <[email protected]> wrote: >> I’m using f27 on the host and see no issues ? Do you have an example test >> case? >> >> Sent from my iPhone >> >>> On Dec 27, 2017, at 16:48, Andrew Cagney <[email protected]> wrote: >>> >>> Is anyone (other than me) having trouble getting the x509 tests to >>> work when using F27 as the host (F22 as the guest)? Looking at the >>> log it seems that the responder (east) sends a large (2k) packet but >>> west (the initiator) never sees it? >>> >>> Andrew >>> _______________________________________________ >>> Swan-dev mailing list >>> [email protected] >>> https://lists.libreswan.org/mailman/listinfo/swan-dev >> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
