Hi, 

please disregard my previous message.
The CRL is clearly not checked against the CA to verify it.

I also tested your CRL against my own server and it loads fine.

Relevant log entries:

Loading:
date/time: CRL: loaded 1 CRLs from file /home/tct/Downloads/crl.pem

Using:
date/time: VERIFY WARNING: depth=0, unable to get certificate CRL: <foo>

It works otherwise.  OpenSSL 1.1.1f openvpn 2.7_git

BR

Sent with Proton Mail secure email.

------- Original Message -------
On Saturday, June 17th, 2023 at 14:01, tincantech via Openvpn-users 
<openvpn-users@lists.sourceforge.net> wrote:


> Hi,
> 
> this is a wild stab in the dark .. but
> 
> perhaps the CRL is associated with a different CA to the --ca loaded by the server?
> 
> BR
> 
> 
> Sent with Proton Mail secure email.
> 
> 
> ------- Original Message -------
> On Saturday, June 17th, 2023 at 13:37, Ralf Hildebrandt via Openvpn-users 
> openvpn-users@lists.sourceforge.net wrote:
> 
> 
> 
> > > This is from the working connection - so it's "just log noise", it seems,
> > > not causing an actual session abort.
> > 
> > Good!
> > 
> > > My gut feeling is that there is some garbage at the end of the CRL file,
> > > so OpenSSL is able to read "loaded 1 CRLs" from the file, and then there is
> > > something more, which confuses OpenSSL - but not enough to reject the
> > > session.
> > 
> > Attached is the actual crl file in PEM format.
> > 
> > --
> > Ralf Hildebrandt
> > Charité - Universitätsmedizin Berlin
> > Geschäftsbereich IT | Abteilung Netzwerk
> > 
> > Campus Benjamin Franklin (CBF)
> > Haus I | 1. OG | Raum 105
> > Hindenburgdamm 30 | D-12203 Berlin
> > 
> > Tel. +49 30 450 570 155
> > ralf.hildebra...@charite.de
> > https://www.charite.de
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
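
Added example, not part of the original messages: one way to test the "different CA" hypothesis from this thread. A CRL file loads whatever its issuer is, and OpenSSL reports "unable to get certificate CRL" when it finds no CRL for the issuer of the certificate being checked. The function names, file names and the throwaway demo PKI below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All file names are placeholders.

# crl_matches_ca CRL CA: succeed only if the CRL's issuer name equals the CA
# certificate's subject name AND the CRL signature verifies under the CA key.
crl_matches_ca() {
    crl=$1 ca=$2
    # Name hash OpenSSL uses for lookups; if these differ, the CRL is never
    # found for certificates issued by this CA.
    crl_hash=$(openssl crl -in "$crl" -noout -hash) || return 2
    ca_hash=$(openssl x509 -in "$ca" -noout -subject_hash) || return 2
    if [ "$crl_hash" != "$ca_hash" ]; then
        echo "MISMATCH: CRL $(openssl crl -in "$crl" -noout -issuer)"
        echo "          CA  $(openssl x509 -in "$ca" -noout -subject)"
        return 1
    fi
    # "verify OK" is printed on stderr when the signature checks out.
    if openssl crl -in "$crl" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK'; then
        echo "OK: CRL was issued and signed by this CA"
    else
        echo "BAD SIGNATURE: issuer name matches, but the key does not"
        return 1
    fi
}

# make_demo_pki DIR: constructed test data: two self-signed CAs (demo-ca1,
# demo-ca2) and an empty CRL issued by demo-ca1 only.
make_demo_pki() {
    d=$1
    : > "$d/index.txt"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\ndefault_ca=c\n[c]\ndatabase=%s/index.txt\ndefault_md=sha256\n' \
        "$d" > "$d/demo.cnf"
    for n in ca1 ca2; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
            -subj "/CN=demo-$n" -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl ca -gencrl -config "$d/demo.cnf" -keyfile "$d/ca1.key" \
        -cert "$d/ca1.pem" -crldays 1 -out "$d/crl.pem" 2>/dev/null
}
```

Against a real deployment, call `crl_matches_ca` with the file given to `--crl-verify` and the file given to `--ca`.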
