On Sun, 11 Apr 2021 at 04:26, Tuomo Soini <[email protected]> wrote: > On Fri, 9 Apr 2021 19:58:06 -0400 > Andrew Cagney <[email protected]> wrote: > > > On Fri, 9 Apr 2021 at 17:46, Andrew Cagney <[email protected]> > > wrote: > > BTW, I've come across this: > > > > -002 "nss-cert-incorrect" #3: certificate verified OK: > > [email protected],CN=east.testing.libreswan.org,OU=Test > > Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA >
> > 003 "nss-cert-incorrect" #3: ID_DER_ASN1_DN > > '[email protected],CN=east.testing.libreswan.org,OU=Test > > Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' does not match > > expected 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test > > Department, CN=road.testing.libreswan.org, > > [email protected]' > > > 002 "nss-cert-incorrect" #3: Peer CERT payload SubjectAltName does > > not match peer ID for this connection These need to be merged. > > > 002 "nss-cert-incorrect" #3: X509: connection failed due to unmatched > > IKE ID in certificate SAN > And this dropped. It's just restating the previous line. > > > That's three log lines effectively saying the same thing, yet not one > > spells out that 'authentication failed' -/ I'll put that down as next > > for my hit list. > > No. those three are not same. First one is certificate subject of > actual certificate. Second one is ID_DER_ASN1_DN (which you can > actually set manually too creating mismatch with certificate) so these > two lines are important to print, both. > > Here was no line to remove or we loose critical information. > There's information scattered across several log lines, when one is sufficient.
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
