wpa_supplicant + hostapd + RADIUS --> NO WPA/RSN IE
Andrea G Forte
Mon Feb 6 16:21:20 PST 2006
Yes, it was indeed the firmware.
Now everything seems to work with RADIUS. However there seems to be a
small bug in the wpa_supplicant or perhaps it is done on purpose for
The "error" I get is:
EAP: initialize selected EAP method (13, TLS)
TLS: Trusted root certificate(s) loaded
*OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER)
failed error:140CB07C:SSL routines:SSL_use_PrivateKey_file:bad ssl filetype*
*OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM)
failed error:0906D06C:PEM routines:PEM_read_bio:no start line*
*OpenSSL: pending error: error:140CB009:SSL
TLS: Successfully parsed PKCS12 file
TLS: Got certificate from PKCS12: subject='/C=US/ST=New
York/L=Brooklyn/O=Columbia/CN=andrea/emailAddress=andreaf at cs.columbia.edu'
TLS: Got private key from PKCS12
OpenSSL: Reading PKCS#12 file --> OK
SSL: Private key loaded successfully
CTRL-EVENT-EAP-METHOD EAP method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
It seems that even though I have set cert-clt.p12 file in the wpa config
file, the application still says to openssl to look for .der and .pem
files and only *after* it looks in the correct file (p12). Shouldn't it
be the opposite? Shouldn't wpa_supplicant tell to check the p12 file
first as specified in the config file and if it does not find it then
look in the other files?
The relevant part of my config file is as follows:
# private_key: File path to client private key file (PEM/DER/PFX)
# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
# commented out. Both the private key and certificate will be read
# the PKCS#12 file in this case.
> Andrea G Forte wrote:
>> Any idea on what the problem might be? Do I need to update the firmware?
> Yes I think so, you will need at least station firmware 1.7.0. But
> good choice would be update to v1.1.1 (primary) and v1.7.4 (secondary).
More information about the Hostap