Problems with EAP-TLS

Jouni Malinen j
Sun Nov 22 12:12:33 PST 2009

On Fri, Nov 20, 2009 at 07:51:56PM -0500, Christian Scheid wrote:

> Attached please find a more detailed trace with hex dumps of the
> received/sent packets. It looks to me that the supplicant is responding to
> id 4 but the server keeps resending the last id. Not sure why. Could it be a
> timing issue?

Thanks. It looks like there is something quite badly wrong in whatever
is translating these messages between the authentication server and the
EAP peer implementation from wpa_supplicant. Based on the certificate
names, I would assume this is using WiMAX and some kind of translation
of EAP information from there into wpa_supplicant code. This code is not
included in the wpa_supplicant repository nor have I seen it, so I
cannot provide more comments on what could be wrong there.

I would suggest checking the translation glue code between WiMAX and EAP
peer. It seems to be sending most EAP messages multiple times (id=1
once, id=2 twice, id=3 thrice, id=4 at least four times)..

Is the WiMAX glue code that is used here something that is available
under an open source license (or could be released as such)?

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list