From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vkarpinsky@mail.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no
 version=3.4.1
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru;
 s=mail2; 
 h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject;
 bh=eCQI91oee8KYF2YyU5Hxm/wCfaLRxclrPlmP1w+/xnQ=; 
 b=LmA1zmbUryXDOuHfqS7YJs8MzNegTkT7MVV7m5yYDd4GHiia7J8EUhixQg8OTOWhwbpsESmF5Fftn+odY6kOF0IDRSAXlhPWtUi6Wb1oWL1kz/R6JsdQg4OBiuM1lqKPkdXFhxHp5DofuP4v3QjJOU8BiSs4qRkEBuwUJ12/KXw=;
To: sysadmins@lists.altlinux.org
References: <bbdcce99-7113-3241-53c3-6ad533de64b7@mail.ru>
 <cdf7a4c7a9cd6815e4e4798873f3d01386208b00.camel@naf.net.ru>
From: Vladimir Karpinsky <vkarpinsky@mail.ru>
Message-ID: <cddbfbbf-55bd-ede7-ecc7-032eb1a00705@mail.ru>
Date: Fri, 8 Jun 2018 08:12:29 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <cdf7a4c7a9cd6815e4e4798873f3d01386208b00.camel@naf.net.ru>
Content-Type: text/plain; charset=koi8-r; format=flowed
Content-Language: Russian-English
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp51.i.mail.ru;
 auth=pass smtp.auth=vkarpinsky@mail.ru
 smtp.mailfrom=vkarpinsky@mail.ru
X-7FA49CB5: 0D63561A33F958A548005E33F1FA510FE06B034106DF9CFA34E147877E41608D725E5C173C3A84C3F6A27782D0527605473BAE2DFF5C6A41CCFFBAE954C2DE44C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0FF045C6A0F83C8214574AF45C6390F7469DAA53EE0834AAEE
X-Mailru-Sender: 47CC51BD8988F12311C17B824601663D283F4DF37D6A0E9926805094041F6E41EF7B3447CC7C7522189086648D43AF80C77752E0C033A69E9629CB05D30F4213116F0678BC710751AE208404248635DF
X-Mras: OK
Subject: Re: [Sysadmins] OpenVPN cert error
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux sysadmins' discussion <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmins' discussion <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sysadmins>,
 <mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
 <mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 05:12:32 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/cddbfbbf-55bd-ede7-ecc7-032eb1a00705@mail.ru/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

Здравствуйте!

08.06.2018 07:47, Nikolay A. Fetisov пишет:
> В Чт, 07/06/2018 в 23:10 +0300, Vladimir Karpinsky пишет:
>> При обновлении виндового клиента OpenVPN до версии 2.4.6 он перестал
>> подключаться с руганью:
>> OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md
>> too weak
>> ....
>>
>> М.б. альтератор откуда-то из другого места конфиг читает?
> 
> Уже было здесь в марте:
> https://lists.altlinux.org/pipermail/sysadmins/2018-March/037921.html
> https://bugzilla.altlinux.org/show_bug.cgi?id=34441

Этоя уже нашёл, но у меня теперь вылезает:

VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=RU, ...
OpenSSL: error:1416F086:SSL 
routines:tls_process_server_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)

потом 10 секунд и т.д.

-- 
	С уважением,
		Владимир.