On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
Subject: [Swan-dev] ikev2-x509-05-san-firstemail-match and more
These failed for me last night, in the same way. Failed so badly that the status was "unresolved". Mostly because the output seemed truncated. testing/pluto/ikev2-x509-05-san-firstemail-match/OUTPUT/west.console.diff 224 "san" #2: STATE_PARENT_I2: v2N_AUTHENTICATION_FAILED -002 "san" #2: deleting other state #2 (STATE_PARENT_I2) and NOT sending notification +002 "san" #2: deleting state (STATE_PARENT_I2) and NOT sending notification +002 "san" #3: initiating v2 parent SA to replace #1 +133 "san" #3: STATE_PARENT_I0: initiate, replacing #1 Is this intentional? If so, the reference logs need to be updated.
No. And it is a recent bug. What it should do after deleting state and before initiating v2 parent SA, is tell you it will rekey in background and release the whack. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
