802.1x wired EAP authentication failed by using wpa_supplicant
Haohao Lee
hayatelee
Mon May 11 22:46:04 PDT 2015
Hi all,
I'm using wpa_supplicant with OpenWrt to auth my corporation network but
failed.
The version is wpa_supplicant v2.3-devel and the command line is:
wpa_supplicant -i eth2 -c /etc/wpa_supplicant.conf -D wired -dd
The conf is:
ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=root
> ap_scan=0
> network={
> key_mgmt=IEEE8021X
> eap=PEAP
> identity="username"
> password="password"
> phase2="auth=MSCHAPV2"
> priority=2
> }
The result is:
Successfully initialized wpa_supplicant
> eth2: Associated with xx:xx:xx:xx:xx:xx
> eth2: CTRL-EVENT-EAP-STARTED EAP authentication started
> eth2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> eth2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> X509: Certificate not valid (now=1431398943 not_before=1410401515
> not_after=28799)
> eth2: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Note that not_after is less than not_before, which is weird.
My corporation uses self-issued cert, whose validity is from 2014 to 2063.
Is this a bug?
ps: I can use phase1="tls_disable_time_checks=1" to get around this, bu it
is not safe, is it?
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150512/e761c3b6/attachment.htm>
More information about the Hostap
mailing list