eapol_test tool against other servers than freeradius

Dana Blanaru dana.blanaru
Fri Jun 13 06:44:59 PDT 2008


I have tried and it was working. :) Great!
Though I have errors related to the server certificate... The server
certificate (server_keycert.pem: the certificate and private key are in the
same file) is on the server side, but maybe eapol_test expects it to be at a
specific path? Or to be in a different format?

This is part of the log:


OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error
OpenSSL: pending error: error:140C800D:SSL
routines:SSL_use_certificate_file:ASN1
lib
OpenSSL: SSL_use_certificate_file (PEM) -->
OK

OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed
error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
OpenSSL: pending error: error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong
tag
OpenSSL: pending error: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error
OpenSSL: pending error: error:0D09A00D:asn1 encoding
routines:d2i_PrivateKey:ASN1
lib
OpenSSL: pending error: error:140CB00D:SSL
routines:SSL_use_PrivateKey_file:ASN1
lib
OpenSSL: SSL_use_PrivateKey_File (PEM) -->
OK

SSL: Private key loaded
successfully

CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS)
selected

EAP: EAP entering state
METHOD

SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data


On Fri, Jun 13, 2008 at 2:38 PM, Dana Blanaru <dana.blanaru at gmail.com>
wrote:

> Jouni, thank you very much for your quick response.
> So after configuring the NAS client on the RADIUS server side, the command
> i have to use is:
>
> eapol_test -c <eapol_test config file>  -a<IP of Radius server> -p1812  -s<shared secret>
>
> Please confirm.
>
>
>
> On Fri, Jun 13, 2008 at 2:31 PM, Jouni Malinen <j at w1.fi> wrote:
>
>> On Fri, Jun 13, 2008 at 11:34:37AM +0200, Dana Blanaru wrote:
>>
>> > Is it possible to use eapol_test tool to test other authentication
>> servers?
>> > I want to test our AAA server using eapol_test tool and i don't know how
>> to
>> > link these 2 together.
>>
>> Sure. There is nothing FreeRADIUS-specific in eapol_test.
>>
>> > Did anybody tried to do this? How to setup my server in order to work
>> with
>> > eapol_test?
>>
>> Yes, I use eapol_test to test wpa_supplicant EAP peer implementation
>> against number of RADIUS authentication servers. The server side does
>> not need any additional configuration apart from allowing the host that
>> you use to run eapol_test on to act as a RADIUS client. In other words,
>> you will just need to configure that host as a NAS/client in the RADIUS
>> server configuration. At that point, you will also assign a shared
>> secret for the client (i.e., the one that you set with -s option for
>> eapol_test).
>>
>> --
>> Jouni Malinen                                            PGP id EFC895FA
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080613/bbd26eeb/attachment.htm 



More information about the Hostap mailing list