(... end of year tidy-out ...)

Ages ago I wrote:
> Trying 2.3.3 on client and server, my tunnel fails to come up. Here's
> what's logged on the client end:
> ... openvpn.TLS[8239]: TLS_ERROR: BIO read tls_read_plaintext error:
> error:04075070:rsa routines:RSA_sign:digest too big for rsa key:
> error:14099006:SSL routines:SSL3_SEND_CLIENT_VERIFY:EVP lib

I thought I would close the loop on this one for the archive. After a bit of digging around, it appears that OpenSSL was objecting to what it thought was a too-short key for one of the intermediate certificates in our chain, even though it really was entirely adequate given the lifetimes involved. When the time came to re-key the intermediate CA, we increased the sizes and the problem went away.

Belated thanks for your suggestions at the time, and season's greetings!

--
George D M Ross MSc PhD CEng MBCS CITP,
University of Edinburgh, School of Informatics,
10 Crichton Street, Edinburgh, Scotland, EH8 9AB
Mail: g...@inf.ed.ac.uk Voice: 0131 650 5147 Fax: 0131 650 6899
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5

The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users