Problem with EAP-TLS connection to Atheros AR5002AP-2X AP

Chr chunkeey
Sat Jul 26 09:53:21 PDT 2008 

On Friday 25 July 2008 19:22:41 Dmitry Shmidt wrote:
> Hello,
> I am trying to connect custom STA with 0.5.10 wpa_supplicant to
> AR5002AP-2X with EAP-PEAP (works fine) and EAP-TLS (fails).
> It fails with error:
> SSL: SSL_connect:SSLv3 read server hello A
> TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1
> buf='/C=FR/ST=Radius/L=Somewhere/O=Example
> Inc./emailAddress=admin at example.com/CN=Example Certificate Authority'
> TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0
> buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server
> Certificate/emailAddress=admin at example.com'
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server certificate A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server key exchange A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server certificate request A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server done A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write client certificate A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write client key exchange A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write certificate verify A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write change cipher spec A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write finished A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 flush data
> SSL: (where=0x1002 ret=0xffffffff)
> SSL: SSL_connect:error in SSLv3 read finished A
> SSL: SSL_connect - want more data
> SSL: 1368 bytes pending from ssl_out
> SSL: 1368 bytes left to be sent out (of total 1368 bytes)
> EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> TX EAPOL - hexdump(len=1378): 01 00 05 5e ...
> WPA: FULL TX EAPOL-Key - hexdump(len=1392): 00 03 7f ...
> EAPOL: SUPP_BE entering state RECEIVE
> wpa_driver_tista_event_receive called
> wpa_driver_tista_receive_driver_event...
> wpa_supplicant - EAPOL
> RX EAPOL from 00:03:7f:bf:14:6d
> RX EAPOL - hexdump(len=8): 01 00 00 04 04 14 00 04
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Failure
> EAP: EAP entering state FAILURE
> CTRL-EVENT-EAP-FAILURE EAP authentication failed
>
> Is it wpa_supplicant issue or AP configuration problem ?
That's funny... Do you use a recent debian / ubuntu?
Because I have the same problem here (the same
accesspoint with madwifi hostapd, WPA-EAP TLS).

I think that this mess started sometime ago with an
openssl update... I'll report back when I have more
data, since it's a bit painful to get openssl compiled
on a small laptop.

Regards
	Chr.

More information about the Hostap mailing list