wpa_supplicant WPA-EAP w/ encrypted keys doesn't work when run against openssl-1.1.0f
Łukasz Siudut
lsiudut at gmail.com
Thu Jun 1 08:45:26 PDT 2017
Hello everyone,
It seems that a long-lasting bug in openssl was fixed recently, what
makes wpa_supplicant unable to decode PEM-encrypted TLS keys. More
details in discussion on github
https://github.com/openssl/openssl/issues/3594 .
I don't want to describe bug from scratch here so I'll reuse
discussion on GH, will just paste links that points to the clue.
The issue is described with details by me on github:
- https://github.com/openssl/openssl/issues/3594#issuecomment-305485782
The answer from openssl developer:
- https://github.com/openssl/openssl/issues/3594#issuecomment-305493300
The bug was initially submitted at Arch Linux bugtracker:
https://bugs.archlinux.org/task/54233 , tl;dr it manifests itself as
errors on key-decryption phase:
> mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
> mai 29 13:28:23 mypc wpa_supplicant[3208]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
> mai 29 13:28:23 mypc wpa_supplicant[3208]: TLS: Failed to load private key '/home/me/.certs/some_key.pem'
> mai 29 13:28:23 mypc wpa_supplicant[3208]: TLS: Failed to set TLS connection parameters
I guess that I can just leave you the decision how to handle that. Let
me know if you need more details, I'm happy to help.
lsiudut
More information about the Hostap
mailing list