Re: [Swan-dev] confused by make check [was: ikev2-frag-02-ipv6 fails due to certificate problems]

2015-06-20 Thread D. Hugh Redelmeier
| From: D. Hugh Redelmeier | People who understand our makefiles: please read. Please, please. | ... Now I wanted to stop the tests that so I | could generate the testing certificates. I did | touch ~/libreswan/testing/pluto/stop-tests-now | following the chart |

Re: [Swan-dev] parent and child's responsibilities

2015-06-20 Thread D. Hugh Redelmeier
| From: Paul Wouters | On Sat, 20 Jun 2015, D. Hugh Redelmeier wrote: | | > I'm trying to fix IKEv2's inI2 ourR2 logic (after I broke it). | | What was the effect of the break? Does this explain our missing packets? Amusingly, the symptom was UDP packets with no IKE content, just UDP headers /

[Swan-dev] confused by make check [was: ikev2-frag-02-ipv6 fails due to certificate problems]

2015-06-20 Thread D. Hugh Redelmeier
People who understand our makefiles: please read. | From: Tuomo Soini | "D. Hugh Redelmeier" wrote: | > +000 leftcert with the nickname "key4096" does not exist in NSS db | | You need to recreate testing certificates - new 4096 sized host key, | is needed so fragmentation is triggered. Thank

Re: [Swan-dev] parent and child's responsibilities

2015-06-20 Thread Paul Wouters
On Sat, 20 Jun 2015, D. Hugh Redelmeier wrote: I'm trying to fix IKEv2's inI2 ourR2 logic (after I broke it). What was the effect of the break? Does this explain our missing packets? A child SA is established (if all went well). So going in, there is one parent state object and coming out i

Re: [Swan-dev] ikev2-frag-02-ipv6 fails due to certificate problems

2015-06-20 Thread Paul Wouters
On Sat, 20 Jun 2015, D. Hugh Redelmeier wrote: I don't think that I had anything to do with this failure (but I cannot be sure): +certutil: unable to open "/testing/x509/certs/key4096.crt" for reading (-5950, 2). -002 added connection description "v6-tunnel" +000 leftcert with the nickname "

Re: [Swan-dev] x509-pluto-frag-04: east sees no IKE packets

2015-06-20 Thread Paul Wouters
On Sat, 20 Jun 2015, D. Hugh Redelmeier wrote: Subject: [Swan-dev] x509-pluto-frag-04: east sees no IKE packets This is odd. Paul: can you figure out what's (not) going on? I have seen test cases and gotten reports of 3.14rc2 mysteriously not sending packets. I've seen it on my kvm test mach

Re: [Swan-dev] ikev2-frag-02-ipv6 fails due to certificate problems

2015-06-20 Thread Tuomo Soini
On Sat, 20 Jun 2015 04:26:07 -0400 (EDT) "D. Hugh Redelmeier" wrote: > I don't think that I had anything to do with this failure (but I > cannot be sure): I was staring at: 72ef1f2752b99dc1d962364eb371776337b016bd Your calculations indicate we have too big value (1240) for ISAKMP_FRAG_MAXLEN_IP

Re: [Swan-dev] ikev2-frag-02-ipv6 fails due to certificate problems

2015-06-20 Thread Tuomo Soini
On Sat, 20 Jun 2015 04:26:07 -0400 (EDT) "D. Hugh Redelmeier" wrote: > I don't think that I had anything to do with this failure (but I > cannot be sure): > > +certutil: unable to open "/testing/x509/certs/key4096.crt" for > reading (-5950, 2). > > -002 added connection description "v6-tunnel"

[Swan-dev] x509-pluto-frag-04: east sees no IKE packets

2015-06-20 Thread D. Hugh Redelmeier
This is odd. Paul: can you figure out what's (not) going on? ___ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev

[Swan-dev] ikev2-frag-02-ipv6 fails due to certificate problems

2015-06-20 Thread D. Hugh Redelmeier
I don't think that I had anything to do with this failure (but I cannot be sure): +certutil: unable to open "/testing/x509/certs/key4096.crt" for reading (-5950, 2). -002 added connection description "v6-tunnel" +000 leftcert with the nickname "key4096" does not exist in NSS db

[Swan-dev] parent and child's responsibilities

2015-06-20 Thread D. Hugh Redelmeier
I'm trying to fix IKEv2's inI2 ourR2 logic (after I broke it). A child SA is established (if all went well). So going in, there is one parent state object and coming out it is joined by the child state object. Confusingly, they seem to both be in STATE_PARENT_R2. That seems wrong. Very wrong