Certificate auth issue in 0.2.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Dec 8 02:41:43 EST 2013

On Sun, 2013-12-08 at 03:53 +0800, Karl wrote:
> Yes, sure, ca-cert set, log shows "[main] processed 1 CA
> certificate(s)", and the cert-user-oid set to use CN too, but no luck.

Try verifying the certificate that is sent by the client manually using
certtool and the CA file. What is the output? If it is verified
correctly try enabling debugging (--tls-debug) in ocserv to pin-point
the issue, and if it is not obvious send the relevant parts of the log

As I see you error is not a verification failure, but a failure of the
verification function which is quite uncommon.


More information about the openconnect-devel mailing list