Hi guys, I am testing Nitrokey Pro 2 with OpenVPN, and stumbled upon an error that was mentioned on the forum. The link is below for the previous ticket.
The full error is:
OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
So far I have:
- An OpenVPN server running on Debian 10
- A client based on Fedora 30 VM on Qubes (as standalone not AppVM).
The server has OpenVPN 2.5, and the client has OpenSC 0.19 and OpenVPN 2.49, but the issue is client-side.
I followed the Nitrokey docs and the OpenVPN HOWTO, but got stuck at the same level as this ticket.
Maybe it is an issue with the pkcs11-helper module as mentioned in this ticket?
Here is my config file for the client, as it works if I choose to connect without the token:
    client
    dev tun
    proto udp
    remote <server> 1194
    resolv-retry infinite
    nobind
    user nobody
    group nobody
    persist-key
    persist-tun
    ca ca.crt
    remote-cert-tls server
    cipher AES-256-CBC
    verb 3
    redirect-gateway def1
    # nitrokey config
    pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so
    pkcs11-id 'pkcs11:model=pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%NN
    # pkcs11-pin-cache 300
    # daemon
    # auth-retry nointeract
    # management-hold
    # management-signal
    # management 127.0.0.1 8888
    # management-query-passwords
    pkcs11-cert-private 1
    # OR
    # non_nk config
    # cert client.crt
    # key client.key
    # tls-auth ta.key 1
I have two questions:
- Is it related to OpenSC 0.19 or the device itself?
- Can it be due to the pkcs11-helper (v 1.22)?