After tweaking through each line of the config file, I found the problem turned out to be that I used a combined certificate for server, which has the server certificate and the intermediate one. Seems that ocserv doesn’t like the server cert in this way, so it just failed noisily.
I guess this is probably an upstream issue – should ocserv print a message that it does not like the idea of combined certs, rather than throwing a segfault?
