On 2017-06-22, Stuart Henderson <s...@spacehopper.org> wrote: > On 2017-06-20, Andrew Lemin <andrew.le...@gmail.com> wrote: >> Has anyone else come across any issues recently with Openvpn, Libressl and >> TLS on OpenBSD 6.1? > > Yes there have been problems reported like this: (This is from the > "Investigating self-signed cert behavior change" posts on the libressl > mailing list). > > Mon May 1 22:14:27 2017 UDP link remote: [AF_INET]75.102.1.76:1194 > Mon May 1 22:14:27 2017 VERIFY ERROR: depth=0, error=self signed > certificate: C=XX, ST=XX, L=XX, O=XX, CN=xxx.xxx.com, > emailAddress=x...@xxx.com > Mon May 1 22:14:27 2017 OpenSSL: error:14007086:SSL > routines:CONNECT_CR_CERT:certificate verify failed > Mon May 1 22:14:27 2017 TLS_ERROR: BIO read tls_read_plaintext error > Mon May 1 22:14:27 2017 TLS Error: TLS object -> incoming plaintext read > error > Mon May 1 22:14:27 2017 TLS Error: TLS handshake failed > > I have had OpenVPN working on a 6.1 machine, pretty sure it's cert- > dependent rather than a more general problem. > > beck@ and guenther@ asked for certificates (not keys) showing the problem, > but neither the reporter nor the person who said they also saw the problem > replied with certs.
PS: server and CA certs.