From: Mathias S. <ma...@ni...> - 2005-02-14 21:04:06
|
On Mon, 14 Feb 2005, Tyrone Omidi wrote: > I thought it was time I finally took the plunge and ditched my static > key setup for tls client-server but it's not gone as well as I'd hoped > and was hoping for some assistance. I used easy-rsa scripts as per the > beta/test howto. My server and client configs are below together with > the log output. > ... > ---- Begin Server log ---- > Mon Feb 14 20:22:04 2005 81.179.223.37:1269 VERIFY ERROR: depth=0, > error=unsupported certificate purpose: > /C=GB/ST=NA/O=DomainLtd/CN=First_Second/emailAddress=first.second@domain > .com > Mon Feb 14 20:22:04 2005 81.179.223.37:1269 TLS_ERROR: BIO read > tls_read_plaintext error: error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > Mon Feb 14 20:22:04 2005 81.179.223.37:1269 TLS Error: TLS object -> > incoming plaintext read error > Mon Feb 14 20:22:04 2005 81.179.223.37:1269 TLS Error: TLS handshake > failed There seems to be a problem with the certificate your client presents to the server. You used ./build-key and NOT ./build-key-server when you created the client cert, right? -- _____________________________________________________________ Mathias Sundman (^) ASCII Ribbon Campaign OpenVPN GUI for Windows X NO HTML/RTF in e-mail http://openvpn.se / \ NO Word docs in e-mail |