dongnan

OpenSSL upgrade causes OpenSSL: error:140890B2:SSL x..x:no certificate returned

Posted: 2017-11-09 14:07
Problem description
After upgrading the system with YUM, OpenVPN / OpenSSL were updated to new versions and VPN client connections failed. The log shows:
Wed Oct 11 13:43:21 2017 us=242805 MULTI: multi_create_instance called
Wed Oct 11 13:43:21 2017 us=242889 123.124.2xx.2xx:57652 Re-using SSL/TLS context
Wed Oct 11 13:43:21 2017 us=243019 123.124.2xx.2xx:57652 LZO compression initializing
(omitted...)
Wed Oct 11 13:43:21 2017 us=268804 123.124.2xx.2xx:57652 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Wed Oct 11 13:43:21 2017 us=268834 123.124.2xx.2xx:57652 TLS_ERROR: BIO read tls_read_plaintext error
Wed Oct 11 13:43:21 2017 us=268856 123.124.2xx.2xx:57652 TLS Error: TLS object -> incoming plaintext read error
Wed Oct 11 13:43:21 2017 us=268875 123.124.2xx.2xx:57652 TLS Error: TLS handshake failed
Wed Oct 11 13:43:21 2017 us=268973 123.124.2xx.2xx:57652 SIGUSR1[soft,tls-error] received, client-instance restarting

Environment

CentOS 6.9
openvpn-2.4.3-1.el6.x86_64

Solution

1. Create the configuration file
echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings

2. Restart the service
service openvpn restart

Verification

1. Connect to the VPN server again
# vpn client ubuntu 14.04
openvpn --daemon --config /etc/openvpn/dongnan/client.conf

2. Logs
tail /var/log/openvpn.log -f
Wed Oct 11 13:56:36 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Oct 11 13:56:36 2017 OPTIONS IMPORT: route options modified
Wed Oct 11 13:56:36 2017 ROUTE_GATEWAY 192.168.100.1/255.255.255.0 IFACE=eth0 HWADDR=68:f7:28:af:XX:0f
Wed Oct 11 13:56:36 2017 TUN/TAP device tun0 opened
(omitted...)
Wed Oct 11 13:56:36 2017 Initialization Sequence Completed

Reference: https://www.centos.org/forums/viewtopic.php?t=62177
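
Added example (not part of the original post): the settings written in step 1 name MD2/MD5 signature digests and a 512-bit DH minimum, so this sketch classifies the text output of `openssl x509 -noout -text` and `openssl dhparam -noout -text` to show which certificate or DH file depends on them and should be reissued. The function names, the constructed sample text and the 1024-bit default threshold are assumptions.

```shell
#!/bin/sh
# Added example: find the file that depends on the legacy-settings workaround.
# Both functions read openssl's text output on stdin, e.g.:
#   openssl x509 -in client.crt -noout -text | cert_sig_verdict
#   openssl dhparam -in dh.pem -noout -text  | dh_bits_verdict 1024

# Prints "weak:<alg>" for MD2/MD5 signature digests, "ok:<alg>" otherwise.
cert_sig_verdict() {
    alg=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    case "$alg" in
        "")                  echo "unknown" ;;
        md2*|md5*|MD2*|MD5*) echo "weak:$alg" ;;
        *)                   echo "ok:$alg" ;;
    esac
}

# Prints "weak:<bits>" when the DH parameters are smaller than the minimum
# given as $1 (assumed default: 1024), "ok:<bits>" otherwise.
dh_bits_verdict() {
    min=${1:-1024}
    bits=$(sed -n 's/^.*DH Parameters: (\([0-9]\{1,\}\) bit).*$/\1/p' | head -n 1)
    if [ -z "$bits" ]; then
        echo "unknown"
    elif [ "$bits" -lt "$min" ]; then
        echo "weak:$bits"
    else
        echo "ok:$bits"
    fi
}

# Constructed sample input (not taken from the post's servers).
SAMPLE_CERT_MD5='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=example-ca-constructed'
SAMPLE_CERT_SHA256='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=example-ca-constructed'
SAMPLE_DH_512='    PKCS#3 DH Parameters: (512 bit)'
SAMPLE_DH_2048='    DH Parameters: (2048 bit)'

printf '%s\n' "$SAMPLE_CERT_MD5"    | cert_sig_verdict
printf '%s\n' "$SAMPLE_CERT_SHA256" | cert_sig_verdict
printf '%s\n' "$SAMPLE_DH_512"      | dh_bits_verdict
printf '%s\n' "$SAMPLE_DH_2048"     | dh_bits_verdict
```

A "weak" verdict on the CA, server or client certificate, or on the DH file, identifies what to regenerate so that /etc/pki/tls/legacy-settings can be removed again.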