<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span lang=EN-GB>Hello,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-GB>I'm working on the automated tests of
strongSwan-4.6.2. I have a problem with two tests of yours :
“ikev2/ocsp-signer-cert” and
“ikev2/ocsp-timeouts-good”. The second one is based on the first.
Both indicate a certificate invalidity (see moon’s <i>daemon.log</i> file
below). On your website they probably passed because you launched them on
February 20<sup>th</sup> 2012, and these certificate were valid until February
24<sup>th</sup> 2012.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-GB>Could you please let me know if there is an
evolution of these tests ? Should I regenerate certificates by myself to pass
them ?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-GB>Moon’s <i>daemon.log</i> file
extracted from the test “ikev2/ocsp-signer-cert” :<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[DMN]
Starting IKEv2 charon daemon (strongSwan 4.6.2) <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading ca certificates from '/etc/ipsec.d/cacerts' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root
CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading aa certificates from '/etc/ipsec.d/aacerts' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading attribute certificates from '/etc/ipsec.d/acerts' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading crls from '/etc/ipsec.d/crls' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[CFG]
loading secrets from '/etc/ipsec.secrets' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[CFG] loaded RSA private key from
'/etc/ipsec.d/private/moonKey.pem' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[KNL]
listening on interfaces: <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[KNL]
eth0 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] 192.168.0.1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] fec0::1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] fe80::fcfd:c0ff:fea8:1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] eth1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[KNL]
10.1.0.1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] fec1::1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
00[KNL] fe80::fcfd:aff:fe01:1 <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[DMN]
loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation
hmac xcbc stroke kernel-netlink socket-default <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 00[JOB]
spawning 16 worker threads <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 08[CFG]
received stroke: add ca 'strongswan-ca' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 08[CFG]
added ca 'strongswan-ca' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 09[CFG]
received stroke: add connection 'rw' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon:
09[CFG] loaded certificate "C=CH, O=Linux strongSwan,
CN=moon.strongswan.org" from 'moonCert.pem' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:20 moon charon: 09[CFG]
added configuration 'rw' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:22 moon charon: 05[NET]
received packet: from 192.168.0.100[500] to 192.168.0.1[500] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:22 moon charon: 05[ENC]
parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:22 moon charon: 05[IKE]
192.168.0.100 is initiating an IKE_SA <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 05[IKE]
sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root
CA" <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 05[ENC]
generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ
N(MULT_AUTH) ] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 05[NET]
sending packet: from 192.168.0.1[500] to 192.168.0.100[500] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[NET]
received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[ENC]
parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi
TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[IKE]
received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root
CA" <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[IKE]
received end entity cert "C=CH, O=Linux strongSwan, OU=OCSP, <a
href="mailto:CN=carol@strongswan.org">CN=carol@strongswan.org</a>" <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[CFG]
looking for peer configs matching
192.168.0.1[moon.strongswan.org]...192.168.0.100[carol@strongswan.org] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[CFG]
selected peer config 'rw' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon:
04[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP, <a
href="mailto:CN=carol@strongswan.org">CN=carol@strongswan.org</a>" <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon:
04[CFG] using trusted ca certificate "C=CH, O=Linux
strongSwan, CN=strongSwan Root CA" <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[CFG] <span
style='color:red'>subject certificate invalid (valid from Feb 25 08:58:57 2007
to Feb 24 08:58:57 2012) <o:p></o:p></span></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[IKE] no
trusted RSA public key found for 'carol@strongswan.org' <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[IKE]
peer supports MOBIKE <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[ENC]
generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:23 moon charon: 04[NET] sending
packet: from 192.168.0.1[4500] to 192.168.0.100[4500] <o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-GB>Mar 28 21:23:26 moon charon: 00[DMN]
signal of type SIGINT received. Shutting down<o:p></o:p></span></i></p>
<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-GB>Thanks and best regards,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-GB>Stéphanie Ngo Maemble</span><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>