Opened 2 years ago

#970 new Bug / Defect

"error=unsupported certificate purpose" when building with OpenSSL 1.1.0

Reported by: berni
Owned by:
Priority: minor
Milestone:
Component: Certificates
Version: OpenVPN 2.4.4 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

Hi,

this was reported by a Debian user in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885581. Between 2.4.4-1 and 2.4.4-2 we have switched to build with OpenSSL 1.1.0 (instead of 1.0.2). Now a previously working local CA does not work anymore with

2017-12-28 10:19:51.581535500 Thu Dec 28 10:19:51 2017 us=581446 TLS: Initial packet from [AF_INET]...:5000, sid=2b216141 7850038f
2017-12-28 10:19:51.615926500 Thu Dec 28 10:19:51 2017 us=615841 VERIFY ERROR: depth=1, error=unsupported certificate purpose: CN=Certificate Authority, DC=, DC=
2017-12-28 10:19:51.615980500 Thu Dec 28 10:19:51 2017 us=615952 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2017-12-28 10:19:51.616033500 Thu Dec 28 10:19:51 2017 us=615975 TLS_ERROR: BIO read tls_read_plaintext error
2017-12-28 10:19:51.616080500 Thu Dec 28 10:19:51 2017 us=616005 TLS Error: TLS object -> incoming plaintext read error
2017-12-28 10:19:51.616097500 Thu Dec 28 10:19:51 2017 us=616018 TLS Error: TLS handshake failed

Thanks for having a look.

Bernhard
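
As an added example (not part of the ticket and not OpenVPN's own code), the Python below extracts `VERIFY ERROR` lines of the kind shown in the report and labels which certificate in the chain was rejected: depth 0 is the peer's own certificate, depth 1 and above are its issuers. The sample log lines, names and addresses are constructed, and the code assumes the `depth=N, error=<reason>: <subject>` layout seen in the log above.

```python
import re
from collections import Counter

# Layout assumed from the report: "VERIFY ERROR: depth=N, error=<reason>: <subject>"
VERIFY_RE = re.compile(
    r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>.+?): (?P<subject>.*)$"
)

def parse_verify_errors(lines):
    """Return one dict per VERIFY ERROR line: chain depth, role, reason, subject."""
    findings = []
    for line in lines:
        m = VERIFY_RE.search(line.rstrip("\n"))
        if not m:
            continue  # not a certificate verification failure
        depth = int(m.group("depth"))
        findings.append({
            "depth": depth,
            # depth 0 = certificate presented by the peer; depth >= 1 = an issuer (CA)
            "role": "peer certificate" if depth == 0 else "CA certificate in chain",
            "error": m.group("error"),
            "subject": m.group("subject").strip(),
        })
    return findings

def summarize(findings):
    """Count failures per (role, error) so CA-level rejections stand out."""
    return Counter((f["role"], f["error"]) for f in findings)

# Constructed sample lines modelled on the log format in the report.
SAMPLE_LOG = [
    "Thu Dec 28 10:19:51 2017 us=581446 TLS: Initial packet from [AF_INET]192.0.2.10:5000, sid=00000000 00000000",
    "Thu Dec 28 10:19:51 2017 us=615841 VERIFY ERROR: depth=1, error=unsupported certificate purpose: CN=Example CA, DC=example, DC=test",
    "Thu Dec 28 10:19:51 2017 us=616018 TLS Error: TLS handshake failed",
    "Thu Dec 28 10:25:02 2017 us=100000 VERIFY ERROR: depth=0, error=certificate has expired: CN=vpn.example.test",
]

if __name__ == "__main__":
    for (role, error), count in summarize(parse_verify_errors(SAMPLE_LOG)).items():
        print(f"{count}x {role}: {error}")
```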
