Opened 6 years ago
#970 new Bug / Defect
"error=unsupported certificate purpose" when building with OpenSSL 1.1.0
Reported by: | berni | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Certificates | Version: | OpenVPN 2.4.4 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: |
Description
Hi,
this was reported by a Debian user in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885581. Between 2.4.4-1 and 2.4.4-2 we have switched to build with OpenSSL 1.1.0 (instead of 1.0.2). Now a previously working local CA does not work anymore with:

```
2017-12-28 10:19:51.581535500 Thu Dec 28 10:19:51 2017 us=581446 TLS: Initial packet from [AF_INET]...:5000, sid=2b216141 7850038f
2017-12-28 10:19:51.615926500 Thu Dec 28 10:19:51 2017 us=615841 VERIFY ERROR: depth=1, error=unsupported certificate purpose: CN=Certificate Authority, DC=, DC=
2017-12-28 10:19:51.615980500 Thu Dec 28 10:19:51 2017 us=615952 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2017-12-28 10:19:51.616033500 Thu Dec 28 10:19:51 2017 us=615975 TLS_ERROR: BIO read tls_read_plaintext error
2017-12-28 10:19:51.616080500 Thu Dec 28 10:19:51 2017 us=616005 TLS Error: TLS object -> incoming plaintext read error
2017-12-28 10:19:51.616097500 Thu Dec 28 10:19:51 2017 us=616018 TLS Error: TLS handshake failed
```

Thanks for having a look.
Bernhard