> On Mon, Nov 27, 2023 at 10:47:17AM +0100, Aleksandar Ivanisevic wrote:
>> 2023-11-26T08:33:40.015885+01:00 xxx openvpn[7996]: xxx:6013 OpenSSL:
>> error:0308010C:digital envelope routines::unsupported
>
> So this sounds like "the CRL is built using old algorithms" (MD5?), and
> it might work if you do "providers legacy default" in the server config.
Well, tried adding “providers legacy default” and that seems to have worked,
i.e. I got only one line at startup that the CRL was loaded and nothing on
connect
Nov 28 10:45:51 xxxx openvpn[3225231]: CRL: loaded 1 CRLs from file 2e.crl
It doesn’t seem like I’m using anything old:
~$ openssl crl -in 2e.crl -text | fgrep Algo
Signature Algorithm: sha256WithRSAEncryption
Signature Algorithm: sha256WithRSAEncryption
Anyway, I’ve sent the complete file to Antonio, so you can check.
regards,
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
