Hi ms4561
I don't know OpenVPN personally, but any application that uses SSL should verify that the certificate presented by the peer is valid and belongs to the peer.
E.g. when the Cisco Anyconnect client receives a fake cert from a proxy then it will either (depending on version and settings)
- deny the connection and inform the user why, or
- inform the user of the certificate mismatch and offer options to cancel the connection or continue anyway.
So "decrypting of HTTPS without the enduser aware" can only happen if the application is not doing proper certificate validation, or if the user just clicks continue without realizing what he is doing (a very real threat nowadays, unfortunately).
hth
Herbert