OpenVPN - OpenSSL: error:141F0006

Hi guys, I am testing Nitrokey Pro 2 with OpenVPN, and stumbled upon an error that was mentioned on the forum. The link to the previous ticket is below.

The full error is:
OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib

So far I have:

  • An OpenVPN server running on Debian 10
  • A client based on Fedora 30 VM on Qubes (as standalone not AppVM).

The server has OpenVPN 2.5, and the client has OpenSC 0.19 and OpenVPN 2.49, but the issue is client-side.

I followed the Nitrokey docs and the OpenVPN HOWTO, but got stuck at the same level as this ticket.

Maybe it is an issue with the pkcs11-helper module as mentioned in this ticket?

Additionally, I am having some trouble rebuilding pkcs11-helper 1.26 on its own, following these instructions on the client. The version I could install from the .rpm is pkcs11-helper 1.22.

Here is my config file for the client, as it works if I choose to connect without the token:

client
dev tun
proto udp
remote <server> 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
remote-cert-tls server
cipher AES-256-CBC
verb 3
redirect-gateway def1

# nitrokey config

pkcs11-providers /usr/lib64/pkcs11/opensc-pkcs11.so
pkcs11-id 'pkcs11:model=PKCS%NNNN%20emulated;token=User%20PIN%20%28OpenPGP%20card%29;manufacturer=ZeitControl;serial=000NNNNNN;id=%NN'
# pkcs11-pin-cache 300
# daemon
# auth-retry nointeract
# management-hold
# management-signal
# management 127.0.0.1 8888
# management-query-passwords
pkcs11-cert-private 1

# OR

# non_nk config

# cert client.crt
# key client.key
# tls-auth ta.key 1

I have two questions:

  • Is it related to OpenSC 0.19 or to the device itself?
  • Can it be due to the pkcs11-helper version (1.22)?

Thanks

Just tested with the HSM2, and it seems to have the same result.

Here is the log:

[user@localhost vpn]$ sudo openvpn --config server.conf 
Tue Sep  8 23:25:09 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Tue Sep  8 23:25:09 2020 library versions: OpenSSL 1.1.1g FIPS  21 Apr 2020, LZO 2.08
Tue Sep  8 23:25:09 2020 PKCS#11: Adding PKCS#11 provider '/usr/lib64/pkcs11/opensc-pkcs11.so'
Enter UserPIN (SmartCard-HSM) token Password: ******
Tue Sep  8 23:25:27 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]18.157.180.240:1194
Tue Sep  8 23:25:27 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Sep  8 23:25:27 2020 UDP link local: (not bound)
Tue Sep  8 23:25:27 2020 UDP link remote: [AF_INET]<SERVER>:1194
Tue Sep  8 23:25:27 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Sep  8 23:25:27 2020 TLS: Initial packet from [AF_INET]18.157.180.240:1194, sid=a2ec65f2 4fbdd6c0
Tue Sep  8 23:25:27 2020 VERIFY OK: depth=1, CN=server_CA
Tue Sep  8 23:25:27 2020 VERIFY KU OK
Tue Sep  8 23:25:27 2020 Validating certificate extended key usage
Tue Sep  8 23:25:27 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep  8 23:25:27 2020 VERIFY EKU OK
Tue Sep  8 23:25:27 2020 VERIFY OK: depth=0, CN=server
Tue Sep  8 23:25:27 2020 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
Tue Sep  8 23:25:27 2020 TLS_ERROR: BIO read tls_read_plaintext error
Tue Sep  8 23:25:27 2020 TLS Error: TLS object -> incoming plaintext read error
Tue Sep  8 23:25:27 2020 TLS Error: TLS handshake failed
Tue Sep  8 23:25:27 2020 SIGUSR1[soft,tls-error] received, process restarting
Tue Sep  8 23:25:27 2020 Restart pause, 5 second(s)

Reading 1936 and 1843 I understand that this is related to RSA-PSS which is demanded by TLS 1.3. Perhaps a workaround would be to use TLS 1.2 instead of 1.3.
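A way to confirm the RSA-PSS theory above before changing anything, added here as an example and not taken from the original post or from Nitrokey/OpenVPN: it reads the mechanism list that OpenSC's `pkcs11-tool -M` prints for the token and, when no RSA-PSS mechanism is advertised, emits the `tls-version-max 1.2` client directive that pins the handshake to TLS 1.2. The mechanism listings and the log line below are constructed samples; the assumption that an OpenPGP-card token lacks PSS is exactly what the script is meant to confirm or refute on real hardware.

```sh
#!/bin/sh
# Added example, not from the original post. Decide whether a PKCS#11 token can
# produce the RSA-PSS signature that a TLS 1.3 CertificateVerify requires, and
# emit the OpenVPN client directive that caps TLS at 1.2 when it cannot.
# Assumptions: the mechanism-list format printed by OpenSC's `pkcs11-tool -M`,
# and the module path used in the post.

MODULE=/usr/lib64/pkcs11/opensc-pkcs11.so

# True (exit 0) when the mechanism listing in $1 advertises any RSA-PSS
# mechanism (RSA-PKCS-PSS or a hash-combined SHA*-RSA-PKCS-PSS).
token_supports_pss() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(SHA[0-9]+-)?RSA-PKCS-PSS[ ,]'
}

# True when an OpenVPN client log in $1 shows the failure from the post: the
# client could not build its CertificateVerify message.
is_cert_verify_failure() {
  printf '%s\n' "$1" | grep -q 'tls_construct_cert_verify'
}

# Print the directive to append to the client config for the listing in $1;
# prints nothing when the token can sign with PSS and TLS 1.3 should work.
tls_directives() {
  token_supports_pss "$1" || echo "tls-version-max 1.2"
}

# Constructed listing typical of an OpenPGP-card style token: raw RSA and
# PKCS#1 v1.5 padding only, no PSS mechanism.
LISTING_NO_PSS='Using slot 0 with a present token (0x0)
Supported mechanisms:
  RSA-X-509, keySize={1024,4096}, hw, decrypt, sign
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign
  SHA256-RSA-PKCS, keySize={1024,4096}, sign
  SHA256, digest'

# Constructed listing for a token that does advertise PSS.
LISTING_PSS='Using slot 0 with a present token (0x0)
Supported mechanisms:
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign
  SHA256-RSA-PKCS-PSS, keySize={1024,4096}, sign'

# The error line from the post, used for the log check.
LOG_LINE='Tue Sep  8 23:25:27 2020 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib'

# Against real hardware, replace the constructed listing with:
#   tls_directives "$(pkcs11-tool --module "$MODULE" -M)"
if is_cert_verify_failure "$LOG_LINE"; then
  tls_directives "$LISTING_NO_PSS"   # prints: tls-version-max 1.2
fi
```

If the real listing does advertise RSA-PKCS-PSS and the handshake still fails, the gap is between pkcs11-helper and the token rather than in the token itself, which points back at the pkcs11-helper 1.22 versus 1.26 question.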