Problems with EAP-TTLS/EAP-TLS

Carolin Latze carolin.latze
Fri Oct 24 05:21:54 PDT 2008




>> hm... if I use it with "client_cert" (without number) I get
>>
>> AP-TTLS: AVP: code=79 flags=0x40 length=14
>> EAP-TTLS: AVP data - hexdump(len=6): 01 01 00 06 0d 20
>> EAP-TTLS: AVP - EAP Message
>> EAP-TTLS: Phase 2 EAP - hexdump(len=6): 01 01 00 06 0d 20
>> EAP-TTLS: received Phase 2: code=1 identifier=1 length=6
>> EAP-TTLS: Phase 2 EAP Request: type=13
>> EAP-TTLS: Selected Phase 2 EAP vendor 0 method 13
>> SSL: Initializing TLS engine
>> ENGINE: Engine ID not set
>> TLS: Failed to set TLS connection parameters
>> EAP-TLS: Failed to initialize SSL.
>>
>> And following
>> http://user.uni-frankfurt.de/~testrad/wpa_supplicant/wpa_supplicant.conf.examples
>>
>>
>> I thought I had to use "client_cert2". You don't think so?
>>     
>
> I'm not very familiar with the exact authentication process, but it
> seems like you need client_cert for the initial EAP-TTLS authentication,
> then for phase 2, you need an additional client_cert2. Does that work?
>   
That gives more or less the same error. But I think that cannot be the 
solution anyway since EAP-TTLS should not require client authentication 
from what I know about EAP-TTLS, but I might be wrong. But I also think 
the problem lies in the order of the statements.

I have another, more general question: Does the EAP-TTLS module call the 
EAP-TLS module? I mean, it seems that it works like that, since I see my 
old debug messages, but is that really correct?

Regards and thanks
Carolin

-- 
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30
homepage: http://diuf.unifr.ch/people/latzec
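
Added example (not part of the original message and not wpa_supplicant code): decoding the AVP from the quoted debug log shows that the tunnelled packet is an EAP Request of type 13 (EAP-TLS) with the Start flag set. The 8-byte AVP header is reconstructed from the logged code, flags and length values, and the function names are hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
AVP_EAP_MESSAGE = 79  # RADIUS EAP-Message attribute, carried as a TTLS AVP

def parse_avp(buf):
    """Parse one EAP-TTLS AVP (Diameter layout); return (code, flags, data)."""
    if len(buf) < 8:
        raise ValueError("AVP header truncated")
    code, flags_len = struct.unpack("!II", buf[:8])
    flags, length = flags_len >> 24, flags_len & 0xFFFFFF
    hdr = 12 if flags & 0x80 else 8  # V bit adds a 4-byte Vendor-ID
    if length < hdr or length > len(buf):
        raise ValueError("bad AVP length %d" % length)
    return code, flags, buf[hdr:length]

def parse_inner_eap(pkt):
    """Decode the Phase 2 EAP header and, for EAP-TLS, its flags octet."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length %d" % length)
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        out["type"] = EAP_TYPES.get(pkt[4], pkt[4])
        if pkt[4] == 13 and length >= 6:
            # EAP-TLS flags: L = length included, M = more fragments, S = start
            names = ((0x80, "L"), (0x40, "M"), (0x20, "S"))
            out["tls_flags"] = [n for bit, n in names if pkt[5] & bit]
    return out

# Constructed sample: header rebuilt from "code=79 flags=0x40 length=14",
# followed by the six data bytes shown in the log's hexdump.
SAMPLE_AVP = bytes.fromhex("0000004f4000000e" + "010100060d20")

def decode_sample():
    code, flags, data = parse_avp(SAMPLE_AVP)
    if code != AVP_EAP_MESSAGE:
        raise ValueError("not an EAP-Message AVP")
    return code, flags, parse_inner_eap(data)

if __name__ == "__main__":
    print(decode_sample())
```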




