Dear Tunnelblick Developer Team
I was currently in contact with you and this was my previous error message:
019-05-24 10:56:17.257292 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=**, L=*, O=**, CN=****, emailAddress=**************
Now this was recommended from a developer:
"
What this means is that while checking the VPN's certificates, OpenSSL (used by OpenVPN to deal with encryption) detected a signature that uses a "weak" algorithm.
Please try to connect using Tunnelblick's default version of OpenVPN: "OpenVPN 2.4.7 - OpenSSL v1.0.2r). That uses the older version of OpenSSL, which may allow the "weak" (i.e., insecure) signature. If that doesn't work, you should try "OpenVPN 2.4.7 - LibreSSL 2.7.1". [1]
Revert to Tunnelblick 3.7.8, which you apparently were using successfully (and which I believe has different versions of OpenSSL).
Second, uninstalling/reinstalling Tunnelblick almost never solves a problem. Tunnelblick is self-repairing and detects and offers to fix almost all problems in an installation that it encounters.
"
I tried to connect using Tunnelblick's default version of OpenVPN: "OpenVPN 2.4.7 - OpenSSL v1.0.2r). That uses the older version of OpenSSL, which may allow the "weak" (i.e., insecure) signature. If that doesn't work, you should try "OpenVPN 2.4.7 - LibreSSL 2.7.1".
Now the following error message shows up:
2019-05-24 16:19:34.000000 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=**, L=**, O=***, CN=**, emailAddress=*****
2019-05-24 16:19:34.000000 OpenSSL: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
2019-05-24 16:19:34.000000 TLS_ERROR: BIO read tls_read_plaintext error
2019-05-24 16:19:34.000000 TLS Error: TLS object -> incoming plaintext read error
2019-05-24 16:19:34.000000 TLS Error: TLS handshake failed
Then I tried to revert Tunnelblick to version 3.7.8.0beta1 (because there is no stable version of 3.7.8 available, otherwise I would like to kindly ask you to send me the download link). However, then this error showed up:
2019-05-24 16:19:34.000000 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=**, L=**, O=***, CN=**, emailAddress=*****
2019-05-24 16:19:34.000000 OpenSSL: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
2019-05-24 16:19:34.000000 TLS_ERROR: BIO read tls_read_plaintext error
2019-05-24 16:19:34.000000 TLS Error: TLS object -> incoming plaintext read error
2019-05-24 16:19:34.000000 TLS Error: TLS handshake failed
Which is actually the same as the error message before. Well the PREVIOUS error message:
2019-05-24 10:56:17.257292 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=** L=***, O=***, CN=*****, emailAddress=**************
disappeared.
But now I have the following error message:
2019-05-24 16:19:34.000000 VERIFY ERROR: depth=0, error=format error in certificate's notAfter field: C=**, L=**, O=***, CN=**, emailAddress=*****
I can imagine that this is not an easy case.
I am looking forward for your help.
Thank you in advance
Best regards
Valentin Hyla