Hostap SSL Error
Satya Prakash Prasad
satyaprakash.developer.unix at gmail.com
Fri Mar 8 20:47:50 PST 2024
Hi,
I am trying to test out EAP TLS connection to peer using hostapd
daemon but in its logs I see below error -
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
SSL: 1499 bytes pending from ssl_out
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
SSL: 0 bytes pending from ssl_out
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
Finally
SSL: SSL_accept:error in error
OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL
routines:ssl3_read_bytes:tlsv1 alert access denied
SSL: 0 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
EAP-TLS: CONTINUE -> FAILURE
Please find below the complete logs for your reference - please let me
know whats the issue is and how to resolve the same:
RTNETLINK answers: File exists
random: getrandom() support available
Configuration file: data/eap/hostap-standalone/hostapd.conf
Opening raw packet socket for ifindex 4
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
Using existing control interface directory.
eaptest1: IEEE 802.11 Fetching hardware channel/rate support not supported.
Completing interface initialization
hostapd_setup_bss(hapd=0x14220a8 (eaptest1), first=1)
Using interface eaptest1 with hwaddr 02:11:11:11:11:11 and ssid ""
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_use_private_key_file (PEM) --> loaded
OpenSSL: Enabled cipher suites in priority order
Cipher 0: TLS_AES_256_GCM_SHA384
Cipher 1: TLS_CHACHA20_POLY1305_SHA256
Cipher 2: TLS_AES_128_GCM_SHA256
Cipher 3: ECDHE-ECDSA-AES256-GCM-SHA384
Cipher 4: ECDHE-RSA-AES256-GCM-SHA384
Cipher 5: DHE-RSA-AES256-GCM-SHA384
Cipher 6: ECDHE-ECDSA-CHACHA20-POLY1305
Cipher 7: ECDHE-RSA-CHACHA20-POLY1305
Cipher 8: DHE-RSA-CHACHA20-POLY1305
Cipher 9: ECDHE-ECDSA-AES128-GCM-SHA256
Cipher 10: ECDHE-RSA-AES128-GCM-SHA256
Cipher 11: DHE-RSA-AES128-GCM-SHA256
Cipher 12: ECDHE-ECDSA-AES256-SHA384
Cipher 13: ECDHE-RSA-AES256-SHA384
Cipher 14: DHE-RSA-AES256-SHA256
Cipher 15: ECDHE-ECDSA-AES128-SHA256
Cipher 16: ECDHE-RSA-AES128-SHA256
Cipher 17: DHE-RSA-AES128-SHA256
Cipher 18: ECDHE-ECDSA-AES256-SHA
Cipher 19: ECDHE-RSA-AES256-SHA
Cipher 20: DHE-RSA-AES256-SHA
Cipher 21: ECDHE-ECDSA-AES128-SHA
Cipher 22: ECDHE-RSA-AES128-SHA
Cipher 23: DHE-RSA-AES128-SHA
Cipher 24: RSA-PSK-AES256-GCM-SHA384
Cipher 25: DHE-PSK-AES256-GCM-SHA384
Cipher 26: RSA-PSK-CHACHA20-POLY1305
Cipher 27: DHE-PSK-CHACHA20-POLY1305
Cipher 28: ECDHE-PSK-CHACHA20-POLY1305
Cipher 29: AES256-GCM-SHA384
Cipher 30: PSK-AES256-GCM-SHA384
Cipher 31: PSK-CHACHA20-POLY1305
Cipher 32: RSA-PSK-AES128-GCM-SHA256
Cipher 33: DHE-PSK-AES128-GCM-SHA256
Cipher 34: AES128-GCM-SHA256
Cipher 35: PSK-AES128-GCM-SHA256
Cipher 36: AES256-SHA256
Cipher 37: AES128-SHA256
Cipher 38: ECDHE-PSK-AES256-CBC-SHA384
Cipher 39: ECDHE-PSK-AES256-CBC-SHA
Cipher 40: SRP-RSA-AES-256-CBC-SHA
Cipher 41: SRP-AES-256-CBC-SHA
Cipher 42: RSA-PSK-AES256-CBC-SHA384
Cipher 43: DHE-PSK-AES256-CBC-SHA384
Cipher 44: RSA-PSK-AES256-CBC-SHA
Cipher 45: DHE-PSK-AES256-CBC-SHA
Cipher 46: AES256-SHA
Cipher 47: PSK-AES256-CBC-SHA384
Cipher 48: PSK-AES256-CBC-SHA
Cipher 49: ECDHE-PSK-AES128-CBC-SHA256
Cipher 50: ECDHE-PSK-AES128-CBC-SHA
Cipher 51: SRP-RSA-AES-128-CBC-SHA
Cipher 52: SRP-AES-128-CBC-SHA
Cipher 53: RSA-PSK-AES128-CBC-SHA256
Cipher 54: DHE-PSK-AES128-CBC-SHA256
Cipher 55: RSA-PSK-AES128-CBC-SHA
Cipher 56: DHE-PSK-AES128-CBC-SHA
Cipher 57: AES128-SHA
Cipher 58: PSK-AES128-CBC-SHA256
Cipher 59: PSK-AES128-CBC-SHA
OpenSSL: Configured certificate chain
0: /C=w2/ST=w2/L=w2/O=w2/OU=w2/CN=w2/emailAddress=w2 (RSA)
0391777920B605C8FFAB64A1E46FB9085CB0FF7B
eaptest1: Deauthenticate all stations at BSS start
eaptest1: interface state UNINITIALIZED->ENABLED
eaptest1: AP-ENABLED
eaptest1: Setup of interface done.
ctrl_iface not configured!
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
Data frame from unknown STA 00:1b:08:00:8c:94 - adding a new STA
New STA
ap_sta_add: register ap_handle_timer timeout for 00:1b:08:00:8c:94
(300 seconds - ap_max_inactivity)
EAP: Server state machine created
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state IDLE
IEEE 802.1X: 00:1b:08:00:8c:94 CTRL_DIR entering state FORCE_BOTH
eaptest1: hostapd_new_assoc_sta: canceled wired ap_handle_timer
timeout for 00:1b:08:00:8c:94
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=1 length=0
ignoring 42 extra octets after IEEE 802.1X packet
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
eaptest1: CTRL-EVENT-EAP-STARTED 00:1b:08:00:8c:94
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
eaptest1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 103
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state CONNECTING
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=0 length=9
ignoring 33 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=103 length=9
(response)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=103 respMethod=1
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=4):
75 73 65 72 user
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 13
eaptest1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 104
EAP-TLS: START -> CONTINUE
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 212 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=0 length=208
EAP: code=2 identifier=104 length=208
(response)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=104 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=208) - Flags 0x00
SSL: Received data - hexdump(len=202): 16 03 03 00 c5 01 00 00 c1 03
03 25 9e 9e 19 53 0f 8a fb c7 45 36 b9 a9 63 b4 f1 c4 cb 73 8b ce a7
40 3d 4d 60 6b 6e 07 4e c5 d3 00 00 50 cc a8 cc a9 cc aa c0 2c c0 30
00 9f c0 ad c0 9f c0 24 c0 28 00 6b c0 0a c0 14 00 39 c0 af c0 a3 c0
2b c0 2f 00 9e c0 ac c0 9e c0 23 c0 27 00 67 c0 09 c0 13 00 33 c0 ae
c0 a2 00 9d c0 9d 00 3d 00 35 c0 a1 00 9c c0 9c 00 3c 00 2f c0 a0 00
ff 01 00 00 48 00 0d 00 16 00 14 06 03 06 01 05 03 05 01 04 03 04 01
03 03 03 01 02 03 02 01 00 0a 00 18 00 16 00 19 00 1c 00 18 00 1b 00
17 00 16 00 1a 00 15 00 14 00 13 00 12 00 0b 00 02 01 00 00 16 00 00
00 17 00 00 00 23 00 00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=197): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS read client hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): [REMOVED]
OpenSSL: Server selected cipher suite 0xcca8
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write server hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=855): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write certificate
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=401): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate request)
OpenSSL: Message - hexdump(len=153): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write certificate request
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write server done
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
SSL: 1499 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 105
SSL: Generating Request
SSL: Sending out 1393 bytes (106 more to send)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=105 length=6
(response)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=105 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=6) - Flags 0x00
SSL: Received data - hexdump(len=0):
SSL: Received packet: Flags 0x0 Message Length 0
SSL: Fragment acknowledged
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 106
SSL: Generating Request
SSL: Sending out 106 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 6 seconds (from dynamic back off; retransCount=1)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=106 length=6
(response)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=106 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=6) - Flags 0x00
SSL: Received data - hexdump(len=0):
SSL: Received packet: Flags 0x0 Message Length 0
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
SSL: 0 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 107
SSL: Generating Request
SSL: Sending out 0 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from 00:1b:08:00:8c:94
IEEE 802.1X: version=2 type=0 length=6
ignoring 36 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=106 length=6
(response)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=106 respMethod=13
respVendor=0 respVendorMethod=0
EAP: RECEIVED->DISCARD: rxResp=1 respId=106 currentId=107
respMethod=13 currentMethod=13
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state IGNORE
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 6 seconds (from dynamic back off; retransCount=1)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 12 seconds (from dynamic back off; retransCount=2)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 20 seconds (from dynamic back off; retransCount=3)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - aWhile --> 0
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 20 seconds (from dynamic back off; retransCount=4)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state IDLE
EAP: retransmit timeout 20 seconds (from dynamic back off; retransCount=5)
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state REQUEST
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: 00:1b:08:00:8c:94 - (EAP) retransWhile --> 0
EAP: EAP entering state RETRANSMIT
eaptest1: CTRL-EVENT-EAP-RETRANSMIT 00:1b:08:00:8c:94
EAP: EAP entering state TIMEOUT_FAILURE
eaptest1: CTRL-EVENT-EAP-TIMEOUT-FAILURE 00:1b:08:00:8c:94
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state TIMEOUT
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state ABORTING
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state INITIALIZE
eaptest1: EAP Timeout, STA 00:1b:08:00:8c:94
eaptest1: ap_sta_disconnect STA 00:1b:08:00:8c:94 reason=2
eaptest1: ap_sta_disconnect: reschedule ap_handle_timer timeout for
00:1b:08:00:8c:94 (5 seconds - AP_MAX_INACTIVITY_AFTER_DEAUTH)
IEEE 802.1X: 00:1b:08:00:8c:94 AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:1b:08:00:8c:94 BE_AUTH entering state IDLE
EAP: EAP entering state DISABLED
eaptest1: Deauthentication callback for STA 00:1b:08:00:8c:94
eaptest1: Removing STA 00:1b:08:00:8c:94 from kernel driver
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
eaptest1: ap_handle_timer: 00:1b:08:00:8c:94 flags=0x40000000 timeout_next=3
eaptest1: STA 00:1b:08:00:8c:94 IEEE 802.11: deauthenticated due to
local deauth request
ap_free_sta: cancel ap_handle_timer for 00:1b:08:00:8c:94
EAP: Server state machine removed
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
Data frame from unknown STA c0:18:03:27:27:5c - adding a new STA
New STA
ap_sta_add: register ap_handle_timer timeout for c0:18:03:27:27:5c
(300 seconds - ap_max_inactivity)
EAP: Server state machine created
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state IDLE
IEEE 802.1X: c0:18:03:27:27:5c CTRL_DIR entering state FORCE_BOTH
eaptest1: hostapd_new_assoc_sta: canceled wired ap_handle_timer
timeout for c0:18:03:27:27:5c
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=1 length=0
ignoring 42 extra octets after IEEE 802.1X packet
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state DISCONNECTED
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
eaptest1: CTRL-EVENT-EAP-STARTED c0:18:03:27:27:5c
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 1
eaptest1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 198
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state CONNECTING
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=0 length=35
ignoring 7 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=198 length=35
(response)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=198 respMethod=1
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=30):
68 6f 73 74 2f 50 43 2d 43 4e 44 31 35 31 35 4b host/PC-CND1515K
4e 48 2e 64 61 6e 66 6f 73 73 2e 6e 65 74 NH.danfoss.net
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: vendor 0 type 13
eaptest1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 199
EAP-TLS: START -> CONTINUE
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=0 length=35
ignoring 7 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=115 length=35
(response)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=115 respMethod=1
respVendor=0 respVendorMethod=0
EAP: RECEIVED->DISCARD: rxResp=1 respId=115 currentId=199 respMethod=1
currentMethod=13
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state IGNORE
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 265 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=0 length=261
EAP: code=2 identifier=199 length=261
(response)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=199 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=261) - Flags 0x80
SSL: Received data - hexdump(len=255): 00 00 00 fb 16 03 01 00 f6 01
00 00 f2 03 03 4f 55 8e e8 29 ad ca f0 c5 be ed 00 0c c2 0d d5 dd 52
7b 1f 39 ba c2 4a 7f 31 e2 77 74 ab 19 b3 20 7b a8 a2 f3 d6 3f 27 0d
e9 d6 94 df e3 85 5e 2d 18 48 dc ac f0 c8 e0 6d 4c 5f 4d 00 43 6e d8
fa 00 28 13 02 13 01 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27
c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 01 00 00
81 00 05 00 05 01 00 00 00 00 00 2b 00 09 08 03 04 03 03 03 02 03 01
00 0d 00 1a 00 18 08 04 08 05 08 06 04 01 05 01 02 01 04 03 05 03 02
03 02 02 06 01 06 03 00 23 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18
00 33 00 26 00 24 00 1d 00 20 a1 40 27 1c b3 29 76 c7 c7 ba ee c7 b8
79 ac fe a5 04 02 b4 a3 10 cb 2d e8 62 5a 09 5a 9b 41 75 00 31 00 00
00 17 00 00 ff 01 00 01 00 00 2d 00 02 01 01
SSL: TLS Message Length: 251
SSL: Received packet: Flags 0x80 Message Length 251
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before SSL initialization
OpenSSL: RX ver=0x304 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=246): [REMOVED]
OpenSSL: OCSP status callback - no response configured
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS read client hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=53): [REMOVED]
OpenSSL: Server selected cipher suite 0xc030
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write server hello
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=855): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write certificate
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=300): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate request)
OpenSSL: Message - hexdump(len=153): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write certificate request
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: TX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): [REMOVED]
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3/TLS write server done
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3/TLS write server done
SSL: SSL_connect - want more data
SSL: 1390 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 200
SSL: Generating Request
SSL: Sending out 1390 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state REQUEST
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 265 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=0 length=261
EAP: code=2 identifier=116 length=261
(response)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=116 respMethod=13
respVendor=0 respVendorMethod=0
EAP: RECEIVED->DISCARD: rxResp=1 respId=116 currentId=200
respMethod=13 currentMethod=13
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state IGNORE
Received EAPOL packet
eaptest1: Event NEW_STA (22) received
eaptest1: Event EAPOL_RX (23) received
IEEE 802.1X: 46 bytes from c0:18:03:27:27:5c
IEEE 802.1X: version=1 type=0 length=17
ignoring 25 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=200 length=17
(response)
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=200 respMethod=13
respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=17) - Flags 0x80
SSL: Received data - hexdump(len=11): 00 00 00 07 15 03 03 00 02 02 31
SSL: TLS Message Length: 7
SSL: Received packet: Flags 0x80 Message Length 7
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
OpenSSL: RX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): [REMOVED]
SSL: (where=0x4004 ret=0x231)
SSL: SSL3 alert: read (remote end reported an error):fatal:access denied
authsrv: remote TLS alert: access denied
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in error
OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL
routines:ssl3_read_bytes:tlsv1 alert access denied
SSL: 0 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
EAP-TLS: CONTINUE -> FAILURE
OpenSSL: Session was not cached
EAP: Session-Id - hexdump(len=0): [NULL]
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=200)
eaptest1: CTRL-EVENT-EAP-FAILURE c0:18:03:27:27:5c
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state FAIL
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state HELD
eaptest1: IEEE 802.1X: Force disconnection of c0:18:03:27:27:5c after
EAP-Failure in 10 ms
IEEE 802.1X: c0:18:03:27:27:5c BE_AUTH entering state IDLE
eaptest1: IEEE 802.1X: Scheduled disconnection of c0:18:03:27:27:5c
after EAP-Failure
eaptest1: ap_sta_disconnect STA c0:18:03:27:27:5c reason=23
eaptest1: ap_sta_disconnect: reschedule ap_handle_timer timeout for
c0:18:03:27:27:5c (5 seconds - AP_MAX_INACTIVITY_AFTER_DEAUTH)
IEEE 802.1X: c0:18:03:27:27:5c AUTH_PAE entering state INITIALIZE
EAP: EAP entering state DISABLED
eaptest1: Deauthentication callback for STA c0:18:03:27:27:5c
eaptest1: Removing STA c0:18:03:27:27:5c from kernel driver
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
IEEE 802.1X: c0:18:03:27:27:5c - (EAP) retransWhile --> 0
eaptest1: ap_handle_timer: c0:18:03:27:27:5c flags=0x40000000 timeout_next=3
eaptest1: STA c0:18:03:27:27:5c IEEE 802.11: deauthenticated due to
local deauth request
ap_free_sta: cancel ap_handle_timer for c0:18:03:27:27:5c
EAP: Server state machine removed
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
VLAN: RTM_NEWLINK: ifi_index=3 ifname=wlan0 ifi_family=0 ifi_flags=0x1003 ([UP])
VLAN: vlan_newlink(wlan0)
client_loop: send disconnect: Connection reset
Regards,
Prakash
More information about the Hostap
mailing list