I just noticed my virtual networks were very old: -rw-rw-r-- 1 cagney cagney 143 Sep 25 21:00 ../pool/l.192_0_1.xml
and seem to pre-date F27: -rw-r--r-- 1 root root 33 Oct 24 13:42 /etc/fedora-release after rebuilding them the tests I've so far tried now pass :-/ For reference, a grep of the broken test results confirm that no packet greater than 1500 bytes was being received (working results receive 3400 byte packets; and running tests by hand also worked :-/ ). So presumably there is another race. On 31 December 2017 at 16:29, Andrew Cagney <[email protected]> wrote: > On 29 December 2017 at 13:17, Andrew Cagney <[email protected]> wrote: >> --- >> MASTER/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt >> +++ >> OUTPUT/testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/west.console.txt >> @@ -23,15 +23,6 @@ >> 002 "san" #1: I am sending a certificate request >> 002 "san" #1: IMPAIR RETRANSMITS: scheduling timeout in 0.5 seconds >> 112 "san" #1: STATE_AGGR_I1: initiate >> -002 "san" #1: Peer ID is ID_USER_FQDN: '[email protected]' >> -002 "san" #1: certificate verified OK: >> [email protected],CN=east.testing.libreswan.org,OU=Test >> Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA >> -003 "san" #1: No matching subjectAltName found >> -003 "san" #1: certificate does not contain ID_USER_FQDN >> [email protected] >> -002 "san" #1: Peer public key SubjectAltName does not match peer ID >> for this connection >> -002 "san" #1: X509: CERT payload does not match connection ID >> -003 "san" #1: initial Aggressive Mode packet claiming to be from >> [email protected] on 192.1.2.23 but no connection has been >> authorized >> -218 "san" #1: STATE_AGGR_I1: INVALID_ID_INFORMATION >> -002 "san" #1: sending notification INVALID_ID_INFORMATION to 192.1.2.23:500 >> 002 "san" #1: suppressing retransmit because IMPAIR_RETRANSMITS is set >> 002 "san" #1: IMPAIR RETRANSMITS: suppressing re-key >> 002 "san" #1: deleting state (STATE_AGGR_I1) >> @@ -43,7 +34,6 @@ >> west # >> grep "ID type" /tmp/pluto.log >> | ID type: ID_USER_FQDN (0x3) >> -| ID type: ID_USER_FQDN (0x3) >> west # >> west # >> if [ -n "`ls /tmp/core* 2>/dev/null`" ]; then echo CORE FOUND; mv >> /tmp/core* OUTPUT/; fi >> >> Looking at what was exchanged: >> >> [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' >> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/east.pluto.log >> | *received 512 bytes from 192.1.2.45:500 on eth1 (port=500) >> | sending 1552 bytes for STATE_AGGR_R0 through eth1:500 to >> 192.1.2.45:500 (using #1) >> [cagney@bernard wip-lswlog]$ egrep -e '^\| (sending|\*received) [0-9]' >> testing/pluto/ikev1-x509-aggr-06-san-email-mismatch/OUTPUT/west.pluto.log >> | sending 512 bytes for aggr_outI1 through eth1:500 to 192.1.2.23:500 (using >> #1) >> >> west never sees east's 1552 byte reply >> >> (adding to my woes, my qemu images have started getting stuck in a >> 'device wait' (all you can do is reboot). I'm trying an older kernel >> to see if that prevents it :-( this is unrelated to the above) >> >> >> On 27 December 2017 at 17:09, Paul Wouters <[email protected]> wrote: >>> I’m using f27 on the host and see no issues ? Do you have an example test >>> case? >>> >>> Sent from my iPhone >>> >>>> On Dec 27, 2017, at 16:48, Andrew Cagney <[email protected]> wrote: >>>> >>>> Is anyone (other than me) having trouble getting the x509 tests to >>>> work when using F27 as the host (F22 as the guest)? Looking at the >>>> log it seems that the responder (east) sends a large (2k) packet but >>>> west (the initiator) never sees it? >>>> >>>> Andrew >>>> _______________________________________________ >>>> Swan-dev mailing list >>>> [email protected] >>>> https://lists.libreswan.org/mailman/listinfo/swan-dev >>> _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
