EAP-TLS + internal crypto problem

Chuck Tuffli Chuck.Tuffli
Thu Jul 9 16:20:23 PDT 2009

On Thur, July 8, 2009 at 3:33 PM, Chuck Tuffli wrote:
> I upgraded to the 0.7.x supplicant and elected to use the internal
> crypto, but my EAP-TLS configuration no longer works. Previously I
> used 0.5.10 + OpenSSL against a FreeRadius server and this worked
> well. The only difference now in the setup (STA, AP, FreeRadius,
> configuration files, etc) is the new supplicant built with
> CONFIG_TLS=internal. Is this a problem with internal crypto or maybe
> with my certs?

I investigated this a little bit more and see from the log

PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume PKCS #8
not used
Trying to parse PKCS #1 encoded RSA private key
RSA: Expected SEQUENCE (public key) - found class 0 tag 0xd
TLSv1: Failed to parse private key
TLS: Failed to load private key
TLS: Failed to set TLS connection parameters

I think what this means is crypto_rsa_import_private_key() is expecting
a sequence corresponding to the private key, but instead gets a relative
OID (whatever that is). Is it possible to tell which PKCS scheme my
certficates use (i.e. PKCS #1, PKCS #2, ...)?


DSP Group, Inc. automatically scans all emails and attachments using MessageLabs Email Security System.

More information about the Hostap mailing list