applying openssl patch for EAP-FAST support

Paresh Sawant paresh.sawant
Mon Oct 20 04:50:48 PDT 2008


I succeeded to build hostapd with support for FAST. Now I'm trying to
associate wpa_supplicant with hostapd using EAP-FAST.

I'm running wpa_supplicant on windows XP, and I have patched openssl to
support EAP-FAST. Following is my configured network block -

network={
    ssid="hostap-wpa2-ent"
    scan_ssid=1
    key_mgmt=WPA-EAP
    proto=WPA2
    pairwise=CCMP
    group=CCMP
    eap=FAST
    anonymous_identity="user"
    phase1="fast_provisioning=1"
    pac_file="C:\test.pac"
    identity="user"
    password="testing"
    ca_cert="C:\ca.der"
    client_cert="C:\client.der"
    private_key="C:\clientkey.der"
}

wpa_supplicant receives EAP failure from hostapd after it sends client
hello. I see following error logs at hostapd end-

<-------------START

ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: received EAP packet (code=2 id=28
len=56) from STA: EAP Response-FAST (43)
IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=28 respMethod=43 respVendor=0
respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=56) - Flags 0x01
SSL: Received packet: Flags 0x1 Message Length 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before/accept initialization
EAP-FAST: SessionTicket callback
EAP-FAST: SessionTicket (PAC-Opaque) - hexdump(len=0): [NULL]
EAP-FAST: Ignore invalid SessionTicket
SSL: (where=0x4008 ret=0x228)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake
failure
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3 read client hello C
OpenSSL: tls_connection_server_handshake - SSL_accept error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
SSL: TLS processing failed
EAP-FAST: TLS processing failed
EAP-FAST: PHASE1 -> FAILURE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=28)
IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state FAIL
ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: Sending EAP Packet (identifier 28)
TX EAPOL - hexdump(len=22): 00 13 02 0c fc 29 00 18 4d ed 65 db 88 8e 02 00
00 04 04 1c 00 04
IEEE 802.1X: 00:13:02:0c:fc:29 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:13:02:0c:fc:29 AUTH_PAE entering state HELD
madwifi_set_sta_authorized: addr=00:13:02:0c:fc:29 authorized=0
ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: unauthorizing port
ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: authentication failed - EAP type: 0
(Unknown)
ath0: STA 00:13:02:0c:fc:29 IEEE 802.1X: Supplicant used different EAP type:
43 (FAST)
IEEE 802.1X: 00:13:02:0c:fc:29 BE_AUTH entering state IDLE

END----------------->

Any idea where I'm going wrong?

Thanks
- Paresh


On Thu, Oct 16, 2008 at 7:58 PM, Jouni Malinen <j at w1.fi> wrote:

> On Thu, Oct 16, 2008 at 01:22:56PM +0530, Paresh Sawant wrote:
>
> > I have downloaded 0.6.4 dev release, but I don't get how to build the
> code.
> > I see folder src along with hostap and patches, is it documented anywhere
> > how to build this 0.6.4 release?
>
> Did you take a look at the README file that is in the root directory of
> the package?
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20081020/1084583f/attachment.html 



More information about the Hostap mailing list