id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 1299,Android and IOS Client are not sending User Cert Chain,mitch-geht-ab,OpenVPN Inc.,"Hi, I'm using OVPN on my Samsung S8, Android 9, OpenVPN Connect Ver. 3.2.2 (5027). Today I notice that I can't connect with my OVPN Server (2.4.7). Message on server side: {{{ Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 TLS: Initial packet from [AF_INET]192.168.2.61:56866 (via [AF_INET]192.168.2.254%br1), sid=f48ece9a bc988215 Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=DE, O=xxxxxx, CN=thomas Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 TLS_ERROR: BIO read tls_read_plaintext error Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 TLS Error: TLS object -> incoming plaintext read error Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 TLS Error: TLS handshake failed Jul 5 22:07:37 orion ovpn-road-server[4311]: 192.168.2.61:56866 SIGUSR1[soft,tls-error] received, client-instance restarting }}} Same with both, IOS and Android client. It was working few weeks ago. With my windows client (win10, openvpn binary 2.4.6), the same client .ovpn config is working. Server config for ""ca"" links to the root-ca cert file. In my client config I use embedded ca and cert section. section contains the root-ca. section contains client-cert + intermediate-ca. As mentioned above, same config file, working on win10 but isn't working on IOS and Android. After switching on server side from root-ca-only to ca-chain (signing + root) it works. I think there was an update on Android and IOS side and mobile clients aren't sending the full user chain now. BR Mitch",Bug / Defect,closed,critical,,OpenVPN Connect,OpenVPN Connect for Android,"Not set (select this one, unless your'e a OpenVPN developer)",invalid,,