Incorrect processing of <ca></ca> contents
Posted: Mon Mar 30, 2015 7:39 pm
Hello,
OpenVPN Connect doesn't extract certificate chains in <ca></ca>. Unified form of configuration files is used.
We have this config:
Code:
remote my.domain.com 443
client
dev tun
proto tcp
persist-remote-ip
nobind
persist-key
persist-tun
cipher AES-256-CBC
remote-cert-tls server
redirect-gateway def1
tls-timeout 4
comp-lzo
verb 3
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
..
-----END RSA PRIVATE KEY-----
</key>
When trying to connect with OpenVPN Connect on iOS and Android we have the following error on the client side:
Code:
2015-12-12 23:23:23 TCP recv EOF
2015-12-12 23:23:23 Transport Error: Transport error on 'my.domain.com: NETWORK_EOF_ERROR
on the server side:
Code:
2015-12-12 23:23:23 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=2323
2015-12-12 23:23:23 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
This config file works perfectly on OpenVPN GUI and OpenVPN for Android. If we issue client certificate without intermediate certificate, then OpenVPN Connect works fine.
Are you going to fix this problem? Or is there any trick with intermediate certificates?
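Added example, not part of the original post and not OpenVPN code: a small Python check that lists the PEM objects in each inline block of a unified profile, with a SHA-256 of each decoded body, so the contents of the <ca> bundle can be confirmed and compared against what the server trusts. The sample profile, its placeholder bodies and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Inline blocks of a unified profile: <tag> ... </tag>, each tag on its own line.
INLINE_BLOCK = re.compile(r"^<([a-z0-9-]+)>[ \t]*\n(.*?)^</\1>[ \t]*$", re.M | re.S)
PEM_OBJECT = re.compile(r"-----BEGIN ([A-Za-z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _pem(label, raw):
    """Wrap constructed bytes in PEM armor (sample data only, not real certs)."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample mirroring the layout in the post: two certificates in <ca>,
# and a <cert> whose body is elided with "..." as it is on the page.
SAMPLE_PROFILE = (
    "client\ndev tun\nproto tcp\nremote my.domain.com 443\n"
    "<ca>\n"
    + _pem("CERTIFICATE", b"constructed root")
    + _pem("CERTIFICATE", b"constructed intermediate")
    + "</ca>\n"
    "<cert>\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n</cert>\n"
)

def fingerprint(b64_body):
    """SHA-256 of the decoded object, or None if the body is elided or not base64."""
    try:
        der = base64.b64decode("".join(b64_body.split()), validate=True)
    except binascii.Error:
        return None
    return hashlib.sha256(der).hexdigest() if der else None

def audit_profile(text):
    """Map each inline tag to a list of (PEM label, fingerprint) in file order."""
    return {
        m.group(1): [(p.group(1), fingerprint(p.group(2)))
                     for p in PEM_OBJECT.finditer(m.group(2))]
        for m in INLINE_BLOCK.finditer(text)
    }

def ca_chain_length(text):
    """Number of certificates in <ca>; more than 1 means the client must load a bundle."""
    return sum(1 for label, _ in audit_profile(text).get("ca", []) if label == "CERTIFICATE")

if __name__ == "__main__":
    for tag, objects in audit_profile(SAMPLE_PROFILE).items():
        for label, fp in objects:
            print(f"<{tag}> {label} sha256={fp or 'unparseable'}")
```

For a real certificate the printed value matches `openssl x509 -noout -fingerprint -sha256` with the colons removed and the letters lowercased, since both hash the DER encoding.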