Since 1.2.6 it seems the chain CA validation is broken.
Our infra is a bit particular as we have two differents CA
Server: CA1 -> subCA1 -> Sub-subCA1 -> server cert
Clients: CA2 -> subCA2 -> Sub-subCA2 -> client cert
The server includes CA2 in addition to the CA1 chain in its CA file to validate our clients.
The clients include CA1 in addition to the CA2 chain in its CA file as well.
All works for windows/linux/OSX/Android clients. But it fails for IOS since 1.2.6 (and maybe 1.2.5), it was working before though.
The server log shows that if fails to check the client chain:
Code: Select all
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: OU=OpenVPN-Mobile, CN=xxx
Should I fill a bug report for this?
Apologies if it has been reported already.