On 29.09.2023 at 01:08, mike tancsa wrote:

Hi Selva,

    Thank you for looking!


My guess is that something in the certificate or private key is not to OpenSSL 3.1's liking and it rejects it. Is there any way for you to check the contents of the token independently using a tool linked against OpenSSL 3.1?

What am I looking for in that case? Taking a look at the cert just with openssl 3.0 on FreeBSD releng14 it seems ok with it. Same with the Windows version 3.1.x that comes with OpenVPN. Is it possible it doesn't like the sha1RSA sig?


OpenSSL 3.0 has security 1 by default (OpenSSL 3.1 has 2 by default) and that does not allow SHA1 signatures anymore. See https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_security_level.html


Arne