/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
east #
 /testing/x509/import.sh real/mainca/revoked.p12
 ipsec pk12util -w nss-pw -i real/mainca/revoked.p12
pk12util: PKCS12 IMPORT SUCCESSFUL
 ipsec certutil -M -n mainca -t CT,,
 ipsec certutil -O -n revoked
"mainca" [E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA]
  "revoked" [E=user-revoked@testing.libreswan.org,CN=revoked.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA]
east #
 /testing/x509/import.sh real/mainca/nic.end.cert
 ipsec certutil -A -n nic -t P,, -i real/mainca/nic.end.cert
 ipsec certutil -O -n nic
"mainca" [E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA]
  "nic" [E=user-nic@testing.libreswan.org,CN=nic.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA]
east #
 # In strict mode, without up-to-date CRL, EAST unconditionally rejects
east #
 # all CERTS.
east #
 /testing/x509/import.sh real/mainca/crl-is-up-to-date.crl
 ipsec crlutil -I -i real/mainca/crl-is-up-to-date.crl
east #
 ipsec certutil -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
revoked                                                      u,u,u
mainca                                                       CT,, 
nic                                                          P,,  
east #
 ipsec start
Redirecting to: [initsystem]
east #
 ../../guestbin/wait-until-pluto-started
east #
 ipsec add east
"east": added IKEv2 connection
east #
 echo "initdone"
initdone
east #
 test -r /tmp/pluto.log && grep -e '^[^|].*ERROR' /tmp/pluto.log
east #
 test -r /tmp/pluto.log && ipsec crlutil -L
CRL names                                CRL Type
mainca                                   CRL  
east #
