On Fri, 25 Sep 2015, Tomas France wrote:

Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

OK, one more problem it seems. The RPM is installed and "ipsec verify" shows
all green, except for "prelink" which shows "present" in yellow but that's
probably not important for now.

It only matters if you will run in FIPS mode, in which case I recommend:

prelink -ua
rpm -e prelink

But when starting the ipsec service, I now get this error:

----------------------
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.
Failed to initialize nss database sql:/etc/ipsec.d
.Initializing NSS database
See 'man pluto' if you want to protect the NSS database with a password

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.
Failed to initialize nss database sql:/etc/ipsec.d
----------------------

I have not seen anything similar before.

The ipsec service should automatically have migrated that. Can you run:

ipsec checknss

It should convert from the old db files to the new db files. Or if you
never used NSS before and have no certificates or raw keys generated,
you can start a fresh one using:

ipsec initnss

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
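
Added example, not part of the original message and not libreswan code: a read-only check that reports which of the two commands from the reply fits a given NSS directory. It assumes the standard NSS file names (cert8.db/key3.db for the legacy format, cert9.db/key4.db for the SQL format), which the thread does not spell out; the function names are hypothetical.

```shell
#!/bin/sh
# Classify an NSS database directory by the files it holds.
# Assumption: legacy DBM databases are cert8.db/key3.db and SQL databases
# are cert9.db/key4.db (standard NSS names, not quoted in the thread).
nss_db_state() {
    dir=$1
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        echo sql        # new-format database already present
    elif [ -f "$dir/cert8.db" ] || [ -f "$dir/key3.db" ]; then
        echo legacy     # only old-format files: needs conversion
    else
        echo empty      # no database at all
    fi
}

# Map the state to the command suggested in the reply above.
# Nothing is executed; the command is only printed for the operator.
nss_next_step() {
    case "$(nss_db_state "$1")" in
        legacy) echo "ipsec checknss" ;;  # convert old db files to new
        empty)  echo "ipsec initnss" ;;   # start a fresh database
        sql)    echo "none" ;;            # nothing to migrate
    esac
}

# Constructed demo: a temporary directory holding only legacy-format files,
# standing in for /etc/ipsec.d in the state the error message describes.
demo=$(mktemp -d)
touch "$demo/cert8.db" "$demo/key3.db" "$demo/secmod.db"
echo "$(nss_db_state "$demo") -> $(nss_next_step "$demo")"
rm -rf "$demo"
```

Run it against a copy or listing of /etc/ipsec.d before choosing, since a fresh database is only appropriate when no certificates or raw keys exist yet.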
