So far my findings: I have been able to upgrade the nss version, although not sure if done properly. However, the problem does not seem to be caused by the NSS version, at least not directly.
certutil - L triggers the same error on both the Centos 5 server where libreswan does not work properly (yet), as well as on another Centos 5 server but also on the Centos 6 server where it all works just fine. Trying to google more information with very limited success. Tomas -----Original Message----- From: Paul Wouters [mailto:[email protected]] Sent: Friday, September 25, 2015 8:40 PM To: Tomas France Cc: [email protected] Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5 On Fri, 25 Sep 2015, Tomas France wrote: > Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS > 5 > > The prelink trick worked, it's all "green" now. > > However, both the "ipsec checknss" and "ipsec initnss" commands result > in the mentioned error. See below: > > --------------------------------------- > [root@fr4 logs]# ipsec checknss > Initializing NSS database > See 'man pluto' if you want to protect the NSS database with a > password > > certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The > certificate/key database is in an old, unsupported format. > Failed to initialize nss database sql:/etc/ipsec.d Looks like the RHEL5 version of nss does not support the sql format? I guess you should grab the nss srpm of centos6 and recompile for centos5 Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
