EAP TLS failure - bad certificate?
Bar, Eitan
eitanb
Mon Jan 8 03:27:53 PST 2007
Hi,
While trying to integrate and test TLS using my WLAN driver, I encountered an error regarding the certificate file.
I have a local dot-net radius server, using root and client certificates issued by it. I have also exported the private key to a file.
The connection itself fails after the radius sends its certificate.
When I run "openssl verify -CAfile my_new_root.pem eitan_my.cer" (NOT on the target platform), I get: "eitan_my.cer: OK".
Does this mean the certificate is ok?
Please help? :)
Eitan
----------------------------------------------------------------------------
Configuration file:
ap_scan=2
network={
ssid="eitan"
key_mgmt=WPA-EAP
eap=TLS
pairwise=TKIP
group=TKIP
identity="wireless"
ca_cert="/voice/root/my_new_root.pem"
client_cert="/voice/my/eitan_my.cer"
private_key="/voice/my/eitan.prv"
private_key_passwd="access"
}
Suspicious log from wpa_supplicant (when reading the root certificate):
------------------------------------------------------------------------
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
OpenSSL: SSL_use_certificate_file (PEM) --> OK
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
OpenSSL: pending error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib
OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK
SSL: Private key loaded successfully
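
Added example (not part of the original post, and not wpa_supplicant code): a small Python triage of the log above that pairs each failed DER load attempt with the PEM attempt for the same OpenSSL call, so that only calls where every attempted encoding failed are flagged. The line format is assumed from the excerpt quoted in the post; `triage` and `unresolved` are hypothetical helper names.

```python
import re

# Excerpt of the wpa_supplicant log quoted in the post above.
SAMPLE_LOG = """\
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
OpenSSL: SSL_use_certificate_file (PEM) --> OK
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib
OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK
SSL: Private key loaded successfully
"""

# One load attempt: "<OpenSSL call> (DER|PEM) failed ..." or "... --> OK".
# Case-insensitive because the log spells "_File" and "_file" both ways.
ATTEMPT = re.compile(
    r"(SSL_use_\w+?_file)\s+\((DER|PEM)\)\s+(failed|--> OK)", re.IGNORECASE
)


def triage(log_text):
    """Map each OpenSSL load call to its attempts and the encoding that worked."""
    result = {}
    for line in log_text.splitlines():
        if "pending error" in line:
            continue  # queued detail for the preceding failure, not a new attempt
        match = ATTEMPT.search(line)
        if not match:
            continue
        call = match.group(1).lower()
        encoding = match.group(2).upper()
        ok = match.group(3).lower() != "failed"
        entry = result.setdefault(call, {"attempts": [], "loaded_as": None})
        entry["attempts"].append((encoding, ok))
        if ok and entry["loaded_as"] is None:
            entry["loaded_as"] = encoding
    return result


def unresolved(log_text):
    """Calls for which every attempted encoding failed."""
    return sorted(c for c, e in triage(log_text).items() if e["loaded_as"] is None)


if __name__ == "__main__":
    for call, entry in triage(SAMPLE_LOG).items():
        print(call, entry["attempts"], "loaded as", entry["loaded_as"])
    print("unresolved:", unresolved(SAMPLE_LOG))
```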