<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I found my problem. It was a misconfiguration.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">There still is a bug here: openswan fails very ungracefully in this situation, and the error messages give no hint as to what actually is wrong.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">My nsspassword file was wrong. It should contain ONLY the password. I had a prefix in it, as follows:</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">&nbsp;</span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">NSS FIPS 140-2 Certificate DB:XXXXXXXXXXXXXXXXX</span></p></div>
</div></blockquote><div><br></div><div>I was using nss w/ out a password (allowed according to the docs). I'll try it with a password right now.</div><div><br></div><div>In light of Kevin's finding, someone should update README.nss as it contains this:</div>
<div><br></div><div>Important thing to note: </div><div>i) You only need the "nsspassword" file if you run pluto in FIPS. In other way,</div><div>if you run pluto in normal or NonFIPS mode, then you can create the NSS</div>
<div>database without password, and you need not create a "nsspassword" file.</div><div>However, if the NSS db is created with a password, the "nsspassword" file must</div><div>also be provided.</div>
<div>
<br></div><div>ii) An example of nsspassword file is as follows:</div><div><br></div><div>token_1_name:its_password</div><div>token_2_name:its_password </div><div><br></div><div>For example, the name of NSS softtoken (or NSS database) is</div>
<div>"NSS Certificate DB" in NonFIPS mode, and assume that its password is xyz.</div><div>So an entry for this in nsspassword file can be: </div><div><br></div><div>NSS Certificate DB:xyz</div><div><br></div><div>
Please note that if FIPS mode is set, then the name of NSS softtoken is </div><div>"NSS FIPS 140-2 Certificate DB". If there are smartcards in the system, their </div><div>entries for passwords should also be entered in this file. Please note, that </div>
<div>there should not be any blank space before the token name, before and after </div><div>colon and after the password.</div><div><br></div></div>
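<div>Added example, not part of the original messages or of openswan: a small linter that checks an nsspassword file against the rules in the README.nss excerpt quoted above and names the problem per line without echoing any password. The thread does not settle which format a given openswan build expects, so a line without a token prefix is reported as such rather than judged; the function name, the mode keys and the sample input are assumptions made for this example.</div>

```python
"""Lint an nsspassword file against the rules quoted from README.nss."""

# Softtoken names as quoted from README.nss; the mode keys are this example's own.
SOFTTOKEN = {
    "nonfips": "NSS Certificate DB",
    "fips": "NSS FIPS 140-2 Certificate DB",
}


def lint_nsspassword(text, mode):
    """Return (line_number, finding) tuples; line 0 means a file-level finding."""
    expected = SOFTTOKEN[mode]
    findings = []
    seen_expected = False
    for n, raw in enumerate(text.splitlines(), 1):
        if raw == "":
            findings.append((n, "empty line"))
            continue
        # Split on the first colon only, so a password may itself contain colons.
        token, sep, password = raw.partition(":")
        if not sep:
            findings.append((n, "bare password with no token_name: prefix"))
            continue
        if token != token.lstrip():
            findings.append((n, "blank space before token name"))
        if token != token.rstrip():
            findings.append((n, "blank space before colon"))
        if password != password.lstrip():
            findings.append((n, "blank space after colon"))
        if password != password.rstrip():
            findings.append((n, "blank space after password"))
        if password.strip() == "":
            findings.append((n, "empty password"))
        name = token.strip()
        if name == expected:
            seen_expected = True
        elif name in SOFTTOKEN.values():
            findings.append((n, f"softtoken name belongs to the other mode, expected '{expected}'"))
        # Any other token name is assumed to be a smartcard entry and is accepted.
    if not seen_expected:
        findings.append((0, f"no entry for '{expected}'"))
    return findings


if __name__ == "__main__":
    # Constructed sample: spaces around the colon, then a trailing space.
    sample = "NSS Certificate DB : xyz\nNSS FIPS 140-2 Certificate DB:xyz \n"
    for line_no, finding in lint_nsspassword(sample, "fips"):
        print(line_no, finding)
```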