at 10.04.2014 09:27, Jan Just Keijser wrote: > Hi Erich, > >> >> Still... the error message is bogus. >> > glad to hear that this has been resolved. I agree that the error message > is bogus, but this is what you get back from OpenSSL - and it's quite > hard to tell whether this is due to a missing CA cert, an untrusted CA > cert or whether it is simply a self-signed certificate.
Which by itself is not an error and it should only be thrown if the self signed certificate is _present_ at all. I guess it could > be added as an extended check but it's not something you'd want to do > for every client connecting to a server. Why should you? The client reports it. At that moment it gets the certificate, either its own or the one from the server, it does not really matter. It then somehow tries to verify the validity and fails, because it has no information about issuer (because it is missing). At that very moment only it needs to be decided what the real cause of the error is. Having read a number of threads on this bogus error leads me to the conclusion, that the 'self signed' error just means 'cannot verify validity' and I am pretty sure this can be decoded somehow. Do you have insight where in the code this error is thrown? Thanks Erich ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
