Problem using ca_path to connect to an EAP-TLS network

Dan Williams dcbw
Tue Dec 9 07:25:58 PST 2008


On Tue, 2008-12-09 at 16:18 +0800, Soh Kam Yung wrote:
> I'm encountering problems connecting to an EAP-TLS network using
> ca_path in my configuration (instead of ca_cert).
> 
> If I use:
> 
> ca_cert = "/usr/local/certs/ca_cert.pem"

I'm pretty sure that OpenSSL doesn't support loading a PEM file with
multiple CAs in it, thus if this is what you're trying to do, you'll
only ever see the first certificate.  To load multiple CAs, you need to
use PKCS12 certs or ca_path.  Not sure if this is your problem, but it
might be.

Dan

> 
> in my configuration, I can connect and join the EAP-TLS network fine.
> 
> However, if I use:
> 
> ca_path = "/usr/local/certs"
> 
> I start seeing the following error in the wpa_supplicant debug output:
> 
> TLS: Certificate verification failed, error 20 (unable to get local
> issuer certificate) depth 1 for '[deleted]'
> 
> Am I using ca_path correctly?
> 
> Regards,
> Kam-Yung
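
OpenSSL finds CAs in a ca_path directory by file name, `<subject hash>.<n>`, the names that `c_rehash` (or `openssl rehash`) creates, so certificate files that only carry names like `ca_cert.pem` are not picked up. The script below is an added example, not part of the original thread: it lists PEM certificates in a directory that have no hash-named twin. The function names are hypothetical, and it does not recompute the hash (`openssl x509 -noout -subject_hash -in FILE` prints the expected name).

```shell
#!/bin/sh
# Added example (not from the thread): report certificates in a CA directory
# that OpenSSL's by-name directory lookup cannot reach.

# is_hash_name NAME: succeed if NAME looks like "9d66eef0.0"
# (8 lowercase hex digits, a dot, then digits only).
is_hash_name() {
    case "$1" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].*[!0-9]*)
            return 1 ;;   # non-digit after the dot, e.g. ".pem" or ".r0" (CRL)
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# unhashed_certs DIR: print each PEM certificate file in DIR for which no
# hash-named entry (symlink or copy) has the same content.
unhashed_certs() {
    dir=$1
    for cert in "$dir"/*; do
        [ -f "$cert" ] || continue
        name=${cert##*/}
        is_hash_name "$name" && continue
        grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || continue
        found=no
        for link in "$dir"/*; do
            is_hash_name "${link##*/}" || continue
            # cmp follows symlinks, so links and plain copies both match;
            # a dangling link simply fails the comparison.
            if cmp -s "$cert" "$link"; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || printf '%s\n' "$name"
    done
}

# Default to the directory from the original post; pass another as $1.
unhashed_certs "${1:-/usr/local/certs}"
```

Any file name it prints is a certificate the directory lookup will miss until the directory is rehashed.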



