On Thu, 24 Jan 2019 at 00:06, Paul Wouters <[email protected]> wrote:
>
> On Mon, 21 Jan 2019, Paul Wouters wrote:
>
> > - ikev2-26-keyingtries
>
> Fixed - it used the wrong EVENT type

Yea, that code is pretty messed up (and it always used the wrong event). Unfortunately the change poked the IKE vs CHILD switch monster. We now see:

002 "nss-cert-incorrect" #4: Peer public key SubjectAltName does not match peer ID for this connection
002 "nss-cert-incorrect" #4: X509: CERT payload does not match connection ID
224 "nss-cert-incorrect" #4: STATE_PARENT_I2: v2N_AUTHENTICATION_FAILED
-002 "nss-cert-incorrect" #4: deleting other state #4 (STATE_PARENT_I2) and NOT sending notification
-002 "nss-cert-incorrect" #3: deleting state (STATE_PARENT_I2) and NOT sending notification
-west #
+002 "nss-cert-incorrect" #5: initiating v2 parent SA to replace #3
+133 "nss-cert-incorrect" #5: STATE_PARENT_I0: initiate, replacing #3
+031 "nss-cert-incorrect" #4: STATE_PARENT_I2: 60 second timeout exceeded after 0 retransmits. Possible authentication failure: no acceptable response to our first encrypted message
+000 "nss-cert-incorrect" #4: starting keying attempt 2 of an unlimited number, but releasing whack
+133 "nss-cert-incorrect" #5: STATE_PARENT_I1: sent v2I1, expected v2R1
+*** exception running script westrun.sh ***

https://testing.libreswan.org/v3.27-663-gd1dfedaf7-master/nss-cert-08-mismatch/OUTPUT/west.console.diff
