Problems with EAP-TTLS/EAP-TLS

Carolin Latze carolin.latze
Fri Oct 24 05:36:19 PDT 2008

Sjors Gielen wrote:
> Carolin Latze wrote:
>> That gives more or less the same error. But I think that cannot be the
>> solution anyway since EAP-TTLS should not require client authentication
>> from what I know about EAP-TTLS, but I might be wrong. But I also think
>> the problem lies in the order of the statements.
>> I have another more general question: Does the EAP-TTLS module call the
>> EAP-TLS module? I mean it seems, that it works like that since I see my
>> old debug messages but is that really correct?
> Oops, missed this. According to this line in your wpa_supplicant.conf:
>         phase2="autheap=TLS"
> It does ;) Change that to
>         phase2="autheap=MD5"
> or
>         phase2="autheap=MSCHAPV2"
> (or something similar) and it will probably work :)

Tried that and still get

OpenSSL: tls_connection_engine_private_key - Private key failed 
verification error:140A30B1:SSL routines:SSL_check_private_key:no 
certificate assigned

:) But anyway, I really would like to have EAP-TTLS/EAP-TLS, which means 
to have mutual authentication inside a tunnel established with server 
authentication. Do you think that is possible?

Regards and Thanks for all those hints!

Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de P?rolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30

More information about the Hostap mailing list