/testing/guestbin/swan-prep --x509
Preparing X.509 files
east #
 ipsec certutil -D -n west
east #
 ipsec pk12util -i OUTPUT/east-notyetvalid.p12 -W secret
pk12util: PKCS12 IMPORT SUCCESSFUL
east #
 mkdir -p /var/run/pluto
east #
 # Set a time in the future so notyetvalid and east certs are valid
east #
 # here.  Invoke pluto directly so that it is the root of the shared
east #
 # faketime tree.
east #
 LD_PRELOAD=PATH/lib64/faketime/libfaketime.so.1 FAKETIME=+370d ipsec pluto  --config /etc/ipsec.conf
PATH/libexec/ipsec/pluto: unexpected open file descriptor 3
east #
 ../../guestbin/wait-until-pluto-started
east #
 # if faketime works, adding conn should not give a warning about cert
east #
 ipsec auto --add nss-cert
"nss-cert": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 # only expected to show failure on west
east #
 grep "certificate payload rejected" /tmp/pluto.log
east #
 
