Problem with EAP-TLS connection to Atheros AR5002AP-2X AP
Dmitry Shmidt
dimitrysh
Sat Jul 26 14:39:43 PDT 2008
Hi,
Well, I just reproduced the same problem on resent Ubuntu on the laptop.
It seems like FreeRadius server reports the problem with certificates,
and therefore
the final "Hello" fails.
I am going to rebuild certificates for client.
Thanks,
Dmitry
On 7/26/08, Chr <chunkeey at web.de> wrote:
> On Friday 25 July 2008 19:22:41 Dmitry Shmidt wrote:
> > Hello,
> > I am trying to connect custom STA with 0.5.10 wpa_supplicant to
> > AR5002AP-2X with EAP-PEAP (works fine) and EAP-TLS (fails).
> > It fails with error:
> > SSL: SSL_connect:SSLv3 read server hello A
> > TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1
> > buf='/C=FR/ST=Radius/L=Somewhere/O=Example
> > Inc./emailAddress=admin at example.com/CN=Example Certificate Authority'
> > TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0
> > buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server
> > Certificate/emailAddress=admin at example.com'
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 read server certificate A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 read server key exchange A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 read server certificate request A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 read server done A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 write client certificate A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 write client key exchange A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 write certificate verify A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 write change cipher spec A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 write finished A
> > SSL: (where=0x1001 ret=0x1)
> > SSL: SSL_connect:SSLv3 flush data
> > SSL: (where=0x1002 ret=0xffffffff)
> > SSL: SSL_connect:error in SSLv3 read finished A
> > SSL: SSL_connect - want more data
> > SSL: 1368 bytes pending from ssl_out
> > SSL: 1368 bytes left to be sent out (of total 1368 bytes)
> > EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
> > EAP: EAP entering state SEND_RESPONSE
> > EAP: EAP entering state IDLE
> > EAPOL: SUPP_BE entering state RESPONSE
> > EAPOL: txSuppRsp
> > TX EAPOL - hexdump(len=1378): 01 00 05 5e ...
> > WPA: FULL TX EAPOL-Key - hexdump(len=1392): 00 03 7f ...
> > EAPOL: SUPP_BE entering state RECEIVE
> > wpa_driver_tista_event_receive called
> > wpa_driver_tista_receive_driver_event...
> > wpa_supplicant - EAPOL
> > RX EAPOL from 00:03:7f:bf:14:6d
> > RX EAPOL - hexdump(len=8): 01 00 00 04 04 14 00 04
> > EAPOL: Received EAP-Packet frame
> > EAPOL: SUPP_BE entering state REQUEST
> > EAPOL: getSuppRsp
> > EAP: EAP entering state RECEIVED
> > EAP: Received EAP-Failure
> > EAP: EAP entering state FAILURE
> > CTRL-EVENT-EAP-FAILURE EAP authentication failed
> >
> > Is it wpa_supplicant issue or AP configuration problem ?
> That's funny... Do you use a recent debian / ubuntu?
> Because I have the same problem here (the same
> accesspoint with madwifi hostapd, WPA-EAP TLS).
>
> I think that this mess started sometime ago with an
> openssl update... I'll report back when I have more
> data, since it's a bit painful to get openssl compiled
> on a small laptop.
>
> Regards
> Chr.
>
More information about the Hostap
mailing list