/testing/guestbin/swan-prep --x509
Preparing X.509 files
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 # list certs in NSS DB
east #
 ipsec whack --listcerts | grep east
End certificate "east" - SN: 0xXX
  subject: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org
east #
 # add / remove 'test'
east #
 ipsec auto --add test
"test": added IKEv2 connection
east #
 ipsec auto --delete test
east #
 # delete certificate east
east #
 ipsec certutil -D -n east
east #
 # whack should not show certificate
east #
 ipsec whack --listcerts | grep east
east #
 # try a load; should fail
east #
 ipsec auto --add test
"test": failed to add connection: right certificate 'east' not found in the NSS database
east #
 ipsec auto --delete test
no connection or alias named "test"'
east #
 # put east back
east #
 /testing/x509/import.sh real/mainca/east.end.cert
ipsec certutil -A -n east -t P,, -i real/mainca/east.end.cert
east #
 # re-load should not dump core
east #
 ipsec auto --add test
"test": added IKEv2 connection
east #
 ipsec auto --delete test
east #
 ../../guestbin/ipsec-kernel-state.sh
east #
 ../../guestbin/ipsec-kernel-policy.sh
east #
 
