Certificate auth issue in 0.2.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Dec 8 02:41:43 EST 2013


On Sun, 2013-12-08 at 03:53 +0800, Karl wrote:
> Yes, sure, ca-cert set, log shows "[main] processed 1 CA
> certificate(s)", and the cert-user-oid set to use CN too, but no luck.

Try verifying the certificate that is sent by the client manually using
certtool and the CA file. What is the output? If it is verified
correctly try enabling debugging (--tls-debug) in ocserv to pin-point
the issue, and if it is not obvious send the relevant parts of the log
here.

As I see you error is not a verification failure, but a failure of the
verification function which is quite uncommon.

regards,
Nikos





More information about the openconnect-devel mailing list