802.1x wired EAP authentication failed by using wpa_supplicant

Haohao Lee hayatelee
Mon May 11 22:46:04 PDT 2015

Hi all,

I'm using wpa_supplicant with OpenWrt to auth my corporation network but

The version is wpa_supplicant v2.3-devel and the command line is:

wpa_supplicant -i eth2 -c /etc/wpa_supplicant.conf -D wired -dd

The conf is:

> ctrl_interface_group=root
> ap_scan=0
> network={
>        key_mgmt=IEEE8021X
>        eap=PEAP
>        identity="username"
>        password="password"
>        phase2="auth=MSCHAPV2"
>        priority=2
> }

The result is:
 Successfully initialized wpa_supplicant

> eth2: Associated with xx:xx:xx:xx:xx:xx
> eth2: CTRL-EVENT-EAP-STARTED EAP authentication started
> eth2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> eth2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> X509: Certificate not valid (now=1431398943 not_before=1410401515
> not_after=28799)
> eth2: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Note that not_after is less than not_before, which is weird.

My corporation uses self-issued cert, whose validity is from 2014 to 2063.

Is this a bug?

ps: I can use phase1="tls_disable_time_checks=1" to get around this, bu it
is not safe, is it?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150512/e761c3b6/attachment.htm>

More information about the Hostap mailing list