Supplicant used different EAP type 13: (TLS)

Chr chunkeey
Fri Mar 28 15:31:13 PDT 2008


On Friday 28 March 2008 11:00:11 Jouni Malinen wrote:
> On Mon, Mar 24, 2008 at 08:10:50PM +0100, Chr wrote:
> > Well if I select "Smartcard or other certificate" and press "Properties"
> > then there's a checkbox like "Verify Server certificate" (or something
> > like that, I don't have the any English XP SP2)...
> >
> > hostap-0.5.10-default: --- this is with Win XP default config
> > ????????????????????????????????????????+ various reconnects
> > hostap-0.5.10-nondefault: --- "Verify Server certificate" disabled
> > ????????????????????????????????????????- (connects & work fine!)
>
> In the -default case, it looks like the client is sending out TLS alert
> after successful certificate validation. This is a bit odd time to send
> the alert, but maybe this is something that WinXP does with certain
> types of certificate validation steps fail. I would guess that this is
> caused by missing Server Authentication (OID 1.3.6.1.5.5.7.3.1) as
> Enhanced Key Usage in the server certificate. Please take a look at
> http://support.microsoft.com/kb/291010.

Yeap! 

I created a new sample certificate for hostapd...
hold my breath annd ... It's working!!
(As you can see... it was enough to add the "Server Authentication")

Thanks a bunch! :-)

Regards,
	Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: someone at somerhwdas.de-cert.pem
Type: application/x-x509-ca-cert
Size: 3001 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20080328/1f69c12f/attachment-0001.crt 



More information about the Hostap mailing list