/testing/guestbin/swan-prep --x509
Preparing X.509 files
east #
 ipsec certutil -D -n west
east #
 # replace nic with the nic-no url cert
east #
 ipsec certutil -D -n nic
east #
 ipsec certutil -A -i /testing/x509/certs/nic-nourl.crt -n nic -t "P,,"
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec auto --add nss-cert-ocsp
"nss-cert-ocsp": added IKEv1 connection
east #
 ipsec whack --impair timeout_on_retransmit
east #
 echo "initdone"
initdone
east #
 # on east, revocation should show up
east #
 hostname | grep east && grep "certificate revoked" /tmp/pluto.log
east
east #
 # should show a hit
east #
 hostname |grep east && grep ERROR /tmp/pluto.log
east
"nss-cert-ocsp" #1: NSS: ERROR: IPsec certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA invalid: SEC_ERROR_REVOKED_CERTIFICATE: Peer's Certificate has been revoked.
east #
 # should not show a hit
east #
 hostname |grep nic && journalctl /sbin/ocspd --no-pager | tail -n 20 |grep TRYLATER
east #
 
