/testing/guestbin/swan-prep --x509
Preparing X.509 files
west #
 ipsec _stackmanager start
west #
 service auditd stop > /dev/null 2> /dev/null
west #
 rm  -f /var/log/audit/audit.log
west #
 systemctl start auditd.service
west #
 mkdir -p /var/run/pluto
west #
 ipsec pluto --config /etc/ipsec.conf
west #
 /testing/pluto/bin/wait-until-pluto-started
west #
 ipsec auto --add nss-cert
002 added connection description "nss-cert"
west #
 echo "initdone"
initdone
west #
 ipsec auto --up nss-cert
002 "nss-cert" #1: initiating Main Mode
1v1 "nss-cert" #1: STATE_MAIN_I1: sent MI1, expecting MR1
1v1 "nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
1v1 "nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "nss-cert" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
003 "nss-cert" #1: Authenticated using RSA with SHA-1
004 "nss-cert" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
002 "nss-cert" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
1v1 "nss-cert" #2: STATE_QUICK_I1: sent QI1, expecting QR1
004 "nss-cert" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive}
west #
 ipsec auto --down nss-cert
002 "nss-cert": terminating SAs using this connection
002 "nss-cert" #2: deleting state (STATE_QUICK_I2) and sending notification
005 "nss-cert" #2: ESP traffic information: in=0B out=0B
002 "nss-cert" #1: deleting state (STATE_MAIN_I4) and sending notification
west #
 # pluto should survive this and report back
west #
 ipsec whack --seccomp-crashtest
003 Performing seccomp security test using getsid() syscall
003 pluto: seccomp test syscall was not blocked
003 ERROR: pluto seccomp was tolerant but the rogue syscall was not blocked!
west #
 # no log entries should appear
west #
 grep SECCOMP /var/log/audit/audit.log
west #
 echo done
done
west #
 certutil -L -d sql:/etc/ipsec.d/
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
west                                                         u,u,u
Libreswan test CA for mainca - Libreswan                     CT,, 
east                                                         P,,  
road                                                         P,,  
north                                                        P,,  
hashsha1                                                     P,,  
east-ec                                                      P,,  
nic                                                          P,,  
west #
 ../bin/check-for-core.sh
west #
 if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi

