I suspect andrew’s kvm magic compile invocations to not yet enable IPsec profiles for nss
Sent from mobile device > On Feb 8, 2019, at 00:32, D. Hugh Redelmeier <[email protected]> wrote: > > The test is still failing. The same way. > > My guests have NSS 3.41. > > My host has 3.39. Could that matter? How? > > | From: Paul Wouters <[email protected]> > | Date: Sat, 2 Feb 2019 21:57:42 -0500 (EST) > | > | On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote: > | > | > Subject: [Swan-dev] ikev2-x509-02-eku > | > > | > This failed for me last night. > | > > | > +002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request > | > rejected by peer: AUTHENTICATION_FAILED > | > | Seems due to: > | > | "ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate > | for attempted operation. > | > | I guess you are not using the latest nss 3.41 ? > | > | Maybe run a yum update in your guests? > | Easiest is to bring up east, west and nic > | > | ssh root@nic and issue /testing/guestbin/nic-internet > | > | Then ssh into west and east and run yum update > | > | with nss 3.39 the test fails. with 3.41 it passes. > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
