pfSense

If OpenVPN server is configured with a "Certificate Depth" higher than 1, the /usr/local/sbin/ovpn_auth_verify will fail to verify the certificate. The for loop in ovpn_auth_verify script :

for check_depth in $(/usr/bin/seq ${3} -1 0)
do
eval serial="\$tls_serial_${check_depth}"
RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "servercn=$2&depth=$3&certdepth=$4&certsubject=$5&serial=$serial&config=$config")
done


doesn't break on the first success (so if the depth is set to 3 it will still check depth 0).