EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails

Coert coert.vonk
Fri Feb 11 19:22:34 PST 2005


I analyzed the WPA IE (based on the "WPA IE version 1" comments in
wpa.c), and found that my Authenticator was advertising pre-auth in
its beacon/probe response, but did not include this in the WPA key
handshake.  I disabled pre-authentication on the Authenticator, and
now the connection is coming up.

WPA: WPA IE in 3/4 msg - hexdump(len=24): 
dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01

WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): 
dd 18 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 01 00 
                                                                      
 ----- WPA capabilities=pre-auth
                                                           
----------- auth key mng suite list=802.1X
                                                      ----- auth key
mng suite count=1
                                          ----------- pairwise suite list=CCMP
                                    ----- pair wise suite count=1
                        ----------- group selecter CCMP
                  ----- version=1
               -- OUI type
      -------- OUI
   -- length 
-- generic id



On Fri, 11 Feb 2005 15:24:15 -0800, Coert <coert.vonk at gmail.com> wrote:
> I am trying to read the WPA IE.  I found IEEE 802.11i, but that only
> has the definition of the RSN IE.  Can you point me to the WPA IE
> spec?
> 
> 
> On Fri, 11 Feb 2005 10:32:08 -0800, Coert <coert.vonk at gmail.com> wrote:
> > A workaround would be nice.  Maybe I am doing something wrong, but I
> > switched to TKIP on both the authenticator and the supplicant, and
> > still see these messages:
> >
> >   WPA: RX message 3 of 4-Way Handshake from 00:02:6f:21:df:ff (ver=1)
> >   WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2
> > 02 01 00 00 50 f2 02 01 00 00 50 f2 01
> >   WPA: No WPA/RSN IE for this AP known. Trying to get from scan results
> >   WPA: Found the current AP from updated scan results
> >   WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp
> > (src=00:02:6f:21:df:ff)
> >   WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01
> > 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 01 00
> >   WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00
> > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
> >
> > Updated traces and .conf files are attached
> >
> > BTW I cross posted it on the madwifi-users list, as Jouni suggested.
> >
> > /coert
> >
> > On Fri, 11 Feb 2005 12:21:38 +0100, Gunter Burchardt
> > <gbur at informatik.uni-rostock.de> wrote:
> > > An easy workaround is to use only TKIP or CCMP, not both together.
> > >
> > > regards
> > > gunter
> > > _______________________________________________
> > > HostAP mailing list
> > > HostAP at shmoo.com
> > > http://lists.shmoo.com/mailman/listinfo/hostap




More information about the Hostap mailing list