I don't see any code changes that would result in a different presentation order of certificates between 4.8 and 5.0.

tcpdump traces of the negotiation from 4.8 and 5.0 might be useful, as might logs from the 3rd party and maybe isakmpd, though I'll be the first to admit isakmpd logging is pretty impenetrable; I find setting this on the command line gives a fairly good balance of information:

    -v -D0=29 -D1=49 -D2=10 -D3=30 -D5=20 -D6=30 -D8=30 -D9=30 -D10=20

On 2011-11-30, Toni Mueller <[email protected]> wrote:
> Hi,
>
> I'm running into a problem with OpenBSD 5.0 and isakmpd. A config that
> works on 4.8, doesn't work on 5.0: the client is denied access,
> allegedly due to OpenBSD shipping the wrong (X.509) certificate, or
> certificates in the wrong order. The (3rd party) claim is that it might
> ship the CA certificate, followed by the server certificate.
>
> It would be very nice if someone could shed some light to this.
>
> TIA!
>
>
> Kind regards,
> --Toni++

