wpa_supplicant using EAP-TTLS problem

王奕元 dadai.cm91
Wed Nov 7 23:18:55 PST 2007


As you say,
I don't have a CA file.
What should I do if I use EAP-TTLS authentication?
Now I'm blocked by the ca.pem problem.

I have tried four methods.
First,
I just created /etc/certs directory, without ca.pem in it.
The result is:
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:2006D080:BIO routines:BIO_new_file:no such
file
OpenSSL: pending error: error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib
OpenSSL: tls_load_ca_der - Failed load CA in DER format
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:20074002:BIO routines:FILE_CTRL:system lib
OpenSSL: pending error: error:0B06F002:x509 certificate
routines:X509_load_cert_file:system lib
TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Second,
I created an empty file named ca.pem and placed it in /etc/certs/.
The result is:
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:00000000:lib(0):func(0):reason(0)
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D07207B:asn1
encoding routines:ASN1_get_object:header too long
OpenSSL: pending error: error:0B06F00D:x509 certificate
routines:X509_load_cert_file:ASN1 lib
TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Third,
I copied the /usr/share/doc/perl-IO-Socket-SSL-1.01/certs/my-ca.pem to
/etc/certs/
and the result is:
TLS: Certificate verification failed. error 19 (self signed certificate in
certificate chain) depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Fourth,
I copied the RADIUS Server's certs/demoCA/cacert.pem, and placed it in my
host's /etc/certs
and the result is:
TLS: Certificate verification failed, error 10 (certificate has expired)
depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:certificate
expired
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
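
Added example, not part of the original post and not wpa_supplicant code: a small Python triage that separates the four failure signatures in the logs above into "CA file could not be loaded" and "CA file loaded but the server chain did not validate against it". The function name `triage`, the category labels and the shortened sample strings are this example's own; it assumes log lines in wpa_supplicant's colon-separated form.

```python
import re

VERIFY_RE = re.compile(r"Certificate verification failed[.,] error (\d+) \((.*?)\) depth (\d+)")
# One OpenSSL error-queue entry: error:<hex code>:<library>:<function>:<reason>
QUEUE_RE = re.compile(r"error:([0-9A-F]{8}):([^:]*):([^:]*):(.+?)(?=\s+[A-Z][\w-]*: |$)")
# OpenSSL X509_V_ERR_* codes seen in the post: 10 = CERT_HAS_EXPIRED,
# 19 = SELF_SIGNED_CERT_IN_CHAIN. Category labels are this example's own.
VERIFY_CATEGORY = {10: "chain-cert-expired", 19: "root-not-in-ca-file"}

def triage(log_text):
    """Classify one failed EAP-TTLS attempt; returns (category, detail)."""
    text = " ".join(log_text.split())        # undo mail line wrapping
    m = VERIFY_RE.search(text)
    if m:                                    # CA file loaded; chain validation rejected the server
        code, reason, depth = int(m.group(1)), m.group(2), int(m.group(3))
        cert = "server certificate" if depth == 0 else "issuer certificate (depth %d)" % depth
        return VERIFY_CATEGORY.get(code, "verify-failed"), "%s: %s" % (cert, reason)
    entries = QUEUE_RE.findall(text)         # CA file never loaded; read the error queue
    if any(func == "fopen" for _, _, func, _ in entries):
        return "ca-file-missing", "ca_cert path cannot be opened"
    if any(lib.startswith("asn1") for _, lib, _, _ in entries):
        return "ca-file-unparseable", "ca_cert file holds no PEM or DER certificate"
    return "unknown", ""

# Constructed samples: shortened copies of the four attempts in the post.
SAMPLES = {
    "no file": """OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:2006D080:BIO routines:BIO_new_file:no such
file""",
    "empty file": """OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:00000000:lib(0):func(0):reason(0)
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D07207B:asn1
encoding routines:ASN1_get_object:header too long""",
    "unrelated CA": """TLS: Certificate verification failed, error 19 (self signed
certificate in certificate chain) depth 1 for '/C=CA/CN=Client certificate'""",
    "expired": """TLS: Certificate verification failed, error 10 (certificate has expired)
depth 1 for '/C=CA/CN=Client certificate'""",
}

if __name__ == "__main__":
    for name, log in SAMPLES.items():
        print("%-13s %s" % (name, triage(log)))
```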