Hostapd didn't ACK fragmented EAP-TLS frame

Jouni Malinen j
Wed Jan 21 06:13:27 PST 2015


On Wed, Jan 21, 2015 at 11:51:52AM +0100, Olivier Cochard-Labbé wrote:
> I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD
> Access Point on an EAP-TLS setup.

Are you using an external RADIUS authentication server or hostapd as the
EAP server?

> But hostapd never ACK this first fragmented packet received from the
> supplicant

I would need to see hostapd debug log from such a case to be able to
figure out what happened.

> => it's a fragmented EAP-TLS (Length: 3524, More Fragment set).
> Then once this first fragment received, hostapd should ACK this fragment by
> an empty EAP-TLS frame... but it didn't send it.
> 
> I've checked the eap_server/eap_server_tls_common.c file and see lots of
> wpa_printf() regarding EAP-TLS and SSL that can help me to debug it. But I
> didn't reach to enable this debug mode (even by starting hostapd with -dd).
> 
> How to display these EAP-TLS/SSL debug messages?

If you do not hit that code path, it would sound like you would not be
using hostapd as the EAP server. Please make hostapd debug log available
somewhere if you want more detailed analysis of what happened.

-- 
Jouni Malinen                                            PGP id EFC895FA
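
The fragment exchange discussed in this thread, as an added example that is not part of the original message and not hostapd's own code: a parser for the EAP-TLS flags and length fields (RFC 5216) and a builder for the empty EAP-TLS frame that serves as the fragment ACK. The function names, the sample bytes and the choice of id+1 for the next Identifier are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* EAP-TLS flags octet (RFC 5216, section 3.1) */
#define EAP_TLS_FLAG_LENGTH 0x80 /* L: 4-byte TLS Message Length follows */
#define EAP_TLS_FLAG_MORE   0x40 /* M: more fragments follow */
enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_TYPE_TLS = 13 };

struct eap_tls_frag {
    uint8_t code, id, flags;
    uint32_t tls_msg_len; /* total TLS message length, 0 if L not set */
    size_t data_len;      /* TLS bytes carried in this fragment */
};

/* Constructed sample (raw EAP packet, no EAPOL/RADIUS framing):
 * EAP-Response id=5, L+M set, TLS Message Length 3524,
 * payload cut to 4 bytes for illustration. */
const uint8_t sample_first_frag[] = {
    0x02, 0x05, 0x00, 0x0e, 0x0d, 0xc0, 0x00, 0x00, 0x0d, 0xc4,
    0x16, 0x03, 0x01, 0x0d };

/* Parse one EAP-TLS packet; returns 0 on success, -1 if malformed. */
int eap_tls_parse(const uint8_t *p, size_t n, struct eap_tls_frag *f)
{
    size_t eap_len, off = 6; /* code, id, length(2), type, flags */
    if (n < 6) return -1;
    eap_len = ((size_t)p[2] << 8) | p[3];
    if (eap_len < 6 || eap_len > n || p[4] != EAP_TYPE_TLS) return -1;
    f->code = p[0]; f->id = p[1]; f->flags = p[5]; f->tls_msg_len = 0;
    if (f->flags & EAP_TLS_FLAG_LENGTH) {
        if (eap_len < 10) return -1; /* L set but length field missing */
        f->tls_msg_len = ((uint32_t)p[6] << 24) | ((uint32_t)p[7] << 16) |
                         ((uint32_t)p[8] << 8) | p[9];
        off = 10;
    }
    f->data_len = eap_len - off;
    return 0;
}

/* Build the fragment ACK owed for a peer fragment with M set: an EAP-Request
 * of type EAP-TLS with zero flags and no data. Returns 6, or 0 if none due. */
size_t eap_tls_build_ack(const struct eap_tls_frag *f, uint8_t out[6])
{
    if (f->code != EAP_RESPONSE || !(f->flags & EAP_TLS_FLAG_MORE)) return 0;
    out[0] = EAP_REQUEST;
    out[1] = (uint8_t)(f->id + 1); /* assumption: next Identifier is id+1 */
    out[2] = 0; out[3] = 6;        /* EAP length: header plus type and flags */
    out[4] = EAP_TYPE_TLS; out[5] = 0;
    return 6;
}
```

When comparing against a capture, the 6-byte request with type 13 and a zero flags octet is the frame to look for after each supplicant fragment that has the M bit set.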