openvpn 2.2.1 error from SSL_CTX_load_verify_locations

1

1

I am trying to use OpenVPN 2.2.1 on Linux (Ubuntu 12.04) to connect to a VPN server maintained by a colleague. He uses TunnelBlick (on a Mac) successfully. I am trying to use his client configuration verbatim, the only changes being different files for the local peer. But I am getting an unhelpful error message (editing out private bits):

$ openvpn mycorp.conf
… OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
… NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
… Cannot load CA certificate file mycorp-ca.crt path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
… Exiting

The file in question (mycorp-ca.crt) is in the current directory; if I rename it, I get an expected error message (…:fopen:No such file or directory:…). It is readable by the current user and is an ASCII file:

----BEGIN CERTIFICATE-----
…18 lines of Base-64…
-----END CERTIFICATE-----

The code in question calls a library function in OpenSSL and it failed. The library function documentation just says, helpfully, that a return value of 0 from the mentioned function means:

The operation failed because CAfile and CApath are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason.

Running openvpn under strace confirms that mycorp-ca.crt is being read. So what is wrong?

Jesse Glick

Posted 2013-03-25T23:52:19.097

Reputation: 111

Answers

0

Apparently there was a missing hyphen (-) at the beginning of the file. When I add that, OpenVPN starts.

Jesse Glick

Posted 2013-03-25T23:52:19.097

Reputation: 111
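The failure described in the answer above (a boundary line with four leading hyphens instead of five), caught by a strict check before the file reaches OpenVPN. This is an added example, not part of the original post and not OpenVPN or OpenSSL code; `check_pem` and the sample contents are constructed, and the check assumes RFC 7468 boundaries of exactly five hyphens on each side.

```python
import re

# RFC 7468 boundary: exactly five hyphens, BEGIN/END, a label, five hyphens.
STRICT = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
# Anything that looks like an attempted boundary line but is not strict.
LOOSE = re.compile(r"^\s*-+\s*(BEGIN|END)\b")
BASE64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample: the body is placeholder base64, not a real certificate.
SAMPLE_BAD = (
    "----BEGIN CERTIFICATE-----\n"      # four leading hyphens, as in the post
    "TUlJQ2NvbnN0cnVjdGVkU2FtcGxl\n"
    "-----END CERTIFICATE-----\n"
)

def check_pem(text):
    """Return a list of (line_number, problem) for the text of a PEM file."""
    problems = []
    open_label = None          # label of the block currently open, if any
    blocks = 0                 # count of correctly delimited blocks
    lines = text.splitlines()
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip()    # ignore trailing whitespace and CR
        m = STRICT.match(line)
        if m:
            kind, label = m.groups()
            if kind == "BEGIN":
                if open_label:
                    problems.append((n, "BEGIN inside an open block"))
                open_label = label
            else:
                if open_label == label:
                    blocks += 1
                else:
                    problems.append((n, "END without matching BEGIN"))
                open_label = None
        elif LOOSE.match(line):
            lead = len(line) - len(line.lstrip("-"))
            trail = len(line) - len(line.rstrip("-"))
            problems.append((n, f"malformed boundary: {lead} leading, "
                                f"{trail} trailing hyphens (need 5 and 5)"))
        elif open_label and line and not BASE64.match(line):
            problems.append((n, "non-base64 data inside block"))
    if open_label:
        problems.append((len(lines), "block never closed"))
    if blocks == 0:
        problems.append((0, "no complete PEM block found"))
    return problems

if __name__ == "__main__":
    for lineno, problem in check_pem(SAMPLE_BAD):
        print(f"line {lineno}: {problem}")
```

Running it on the real file (for example `check_pem(open("mycorp-ca.crt").read())`) points at the exact line, which the `SSL_CTX_load_verify_locations` message does not.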