wpa not working with server ca

Rocci rocci
Tue May 3 16:44:17 PDT 2005 

Hi there,
I once had this working on my university network but it no longer works.
I have since upgraded my kernel and other aspects of my OS.
Recompiled madwifi & wpa_supplicant on new linux kernel.
WPA-PSK works fine on my PSK network at home but I can no longer get 
this to work on my university network.
My wpa_supplicant config is as follows:
eapol_version=1
ap_scan=1
fast_reauth=1
network={
        ssid="ACHERNAR-BG"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        pairwise=CCMP TKIP
        group=CCMP TKIP
        identity="username"
        password="mypassword"
        ca_cert="/etc/cert/cert.cer"
        phase1="peapver=1 peaplabel=0"
        phase2="auth=MSCHAPV2"
        priority=1
}



The output from wpa_supplicant -d -i ath0 -c /etc/wpa_supplicant.conf is:

root at roklptop:~# wpa_supplicant -d -i ath0 -c /etc/wpa_supplicant.conf
Initializing interface 'ath0' conf '/etc/wpa_supplicant.conf' driver 
'default'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
eapol_version=2
ap_scan=1
Priority group 1
   id=0 ssid='ACHERNAR-BG'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:0f:3d:87:17:c6
wpa_driver_madwifi_set_wpa: enabled=1
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=11):
     41 43 48 45 52 4e 41 52 2d 42 47                  ACHERNAR-BG
Wireless event: cmd=0x8b1a len=24
Wireless event: cmd=0x8b19 len=12
Received 963 bytes of scan results (4 BSSes)
Scan results: 4
Selecting BSS from priority group 1
0: 00:11:93:24:a3:e0 ssid='ACHERNAR-BG' wpa_ie_len=26 rsn_ie_len=0
   selected
Trying to associate with 00:11:93:24:a3:e0 (SSID='ACHERNAR-BG' freq=2462 
MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 
01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=24
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:11:93:24:a3:e0
Association event - clear replay counter
Associated to a new BSS: BSSID=00:11:93:24:a3:e0
No keys have been configured - skip key clearing
Associated with 00:11:93:24:a3:e0
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:11:93:24:a3:e0
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     "ASCII values of username"                               username
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     "ASCII values of username"                               username
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=17 id=180
EAP: EAP entering state GET_METHOD
EAP: Building EAP-Nak (requested type 17 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=181
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (25, PEAP)
EAP-PEAP: Forced PEAP version 0
EAP-PEAP: Phase2 EAP types - hexdump(len=1): 1a
TLS: Trusted root certificate(s) loaded
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=0)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 100 bytes pending from ssl_out
SSL: 100 bytes left to be sent out (of total 100 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (25, PEAP) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=182
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     "ASCII values of username"                               username
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=17 id=194
EAP: EAP entering state GET_METHOD
EAP: Building EAP-Nak (requested type 17 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:93:24:a3:e0
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=195
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (25, PEAP)
EAP-PEAP: Forced PEAP version 0
EAP-PEAP: Phase2 EAP types - hexdump(len=1): 1a
TLS: Trusted root certificate(s) loaded
TLS - SSL error: error:0B07C065:x509 certificate 
routines:X509_STORE_add_cert:cert already in hash table
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=0)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 100 bytes pending from ssl_out
SSL: 100 bytes left to be sent out (of total 100 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
Signal 2 received - terminating
wpa_driver_madwifi_deauthenticate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_wpa: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=0
wpa_driver_madwifi_set_countermeasures: enabled=0
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
...


The following lines concern me but I'm not sure what exactly they mean:
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
...
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
EAPOL: SUPP_BE entering state TIMEOUT
...

Any help or pointers would be greatly appreciated.
Thanks
Rocci.

More information about the Hostap mailing list