wpa_supplicant WPA-EAP w/ encrypted keys doesn't work when run against openssl-1.1.0f
lsiudut at gmail.com
Thu Jun 1 08:45:26 PDT 2017
It seems that a long-lasting bug in openssl was fixed recently, which
makes wpa_supplicant unable to decode PEM-encrypted TLS keys. More
details in the discussion on GitHub
I don't want to describe the bug from scratch here, so I'll reuse the
discussion on GH and will just paste links that point to the clue.
The issue is described in detail by me on GitHub:
The answer from the openssl developer:
The bug was initially submitted at the Arch Linux bug tracker:
https://bugs.archlinux.org/task/54233, tl;dr it manifests itself as
errors in the key-decryption phase:
> mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
> mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
> mai 29 13:28:23 mypc wpa_supplicant: TLS: Failed to load private key '/home/me/.certs/some_key.pem'
> mai 29 13:28:23 mypc wpa_supplicant: TLS: Failed to set TLS connection parameters
I guess that I can just leave the decision on how to handle that to you. Let
me know if you need more details, I'm happy to help.
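
An added example, not part of the original post and not wpa_supplicant code: a small triage script that splits the OpenSSL error strings in the journal lines quoted above into code, library, function and reason, and ties them to the key file that failed to load. The function names are hypothetical; the sample input is the log excerpt from the post.

```python
import re

# Sample input: the journal lines quoted in the post (hostname and path as posted).
SAMPLE = """\
mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
mai 29 13:28:23 mypc wpa_supplicant: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
mai 29 13:28:23 mypc wpa_supplicant: TLS: Failed to load private key '/home/me/.certs/some_key.pem'
mai 29 13:28:23 mypc wpa_supplicant: TLS: Failed to set TLS connection parameters
"""

# OpenSSL error string layout: error:<8 hex digits>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")
KEY_RE = re.compile(r"TLS: Failed to load private key '([^']+)'")


def parse_openssl_errors(text):
    """Return one dict per OpenSSL error string found in wpa_supplicant lines."""
    errors = []
    for line in text.splitlines():
        if "wpa_supplicant:" not in line:
            continue
        m = ERR_RE.search(line)
        if m:
            code, lib, func, reason = m.groups()
            errors.append({"code": code.upper(), "lib": lib, "func": func,
                           "reason": reason.strip(),
                           # all-zero code: the OpenSSL error queue was empty
                           "empty": int(code, 16) == 0})
    return errors


def failed_key_loads(text):
    """Map each key path that failed to load to the errors logged before it."""
    result, pending = {}, []
    for line in text.splitlines():
        pending.extend(parse_openssl_errors(line))
        m = KEY_RE.search(line)
        if m:
            result.setdefault(m.group(1), []).extend(pending)
            pending = []
    return result


if __name__ == "__main__":
    for path, errs in failed_key_loads(SAMPLE).items():
        print(path)
        for e in errs:
            print("  %(code)s %(func)s: %(reason)s" % e)
```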