Hi Selva, wow, thanks a lot for your very quick reply, I’m willingly testing the new GHA build and let you know the result as soon as possible.
Thank you, Tom Von: Selva Nair <selva.n...@gmail.com> Gesendet: Freitag, 10. März 2023 14:43 An: openvpn <open...@sup-logistik.de> Cc: openvpn-users@lists.sourceforge.net Betreff: Re: [Openvpn-users] After upgrade Windows 10 client to OpenVPN 2.6, Yubikey PKCS11 PIV fails on server with error 0A00007B:SSL routines::bad Hello, On Thu, Mar 9, 2023 at 4:01 AM openvpn <open...@sup-logistik.de<mailto:open...@sup-logistik.de>> wrote: Hi, I’m posting the follow question here as I was redirect to this mailing list for support by OpenVPN forum. https://forums.openvpn.net/viewtopic.php?p=110748&hilit=error+0A00007B#p110748 Thanks for your report. I think we introduced a bug while changing the pkcs11-helper interface to support RSA-PSS signatures. We now directly call pkcs11h_certificate_signAnyEx() but failed to convert the ECDSA signature to the form OpenSSL expects -- PKCS#11 returns r|s, OpenSSl wants DER encoded asn.1. If you want to try out a fixed version, use openvpn.exe from the GHA build here: https://github.com/selvanair/openvpn/suites/11479839963/artifacts/592797275 Just replacing the one installed in C:\Program Files\OpenVPN\bin with this should do. Selva
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
