Trouble connection to eduroam - openssl 1.1.0.e vs 1.0.2.l

Dan Williams dcbw at redhat.com
Fri May 26 14:30:08 PDT 2017


On Fri, 2017-05-26 at 21:45 +0100, Mauro Santos wrote:
> On 26-05-2017 20:57, Dan Williams wrote:
> > Use "-dddt" for max debugging with timestamps.  Make sure you scan the
> > logs for your password and remove that before sending to the list of
> > course.  It might also be in the hex bytes the supplicant dumps, so
> > check those too.
> 
> I have rerun the tests now with -dddt. The distro has updated openssl to
> 1.1.0f so these tests are with the new version (which still causes
> problems).
> 
> I have used:
> wpa_supplicant -cipt.conf -iwlan0 -dddt 2>&1 | tee {good,bad}
> 
> to get the logs and check when I can ^C and stop things. I think I
> didn't miss any output.
> 
> For the case where I manage to connect I have confirmed that things work
> by running dhcpcd after wpa_supplicant and successfully pinging google.
> 
> In the logs I have [REDACTED] my username (8 bytes long if it matters)
> and I believe passwords are not dumped to the logs unless -K is used, at
> least I didn't find my password in the logs.
> 
> Logs for both cases are attached.

Yeah, something is quite different with new OpenSSL.  But it looks like
the old OpenSSL isn't even using TLS, so the good/bad aren't testing
the same things.

BAD:
1495830003.390560: SSL: SSL_connect:before SSL initialization
1495830003.390631: OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
1495830003.390644: OpenSSL: Message - hexdump(len=5): [REMOVED]
1495830003.390657: OpenSSL: TX ver=0x301 content_type=22 (handshake/client hello)
1495830003.390663: OpenSSL: Message - hexdump(len=93): [REMOVED]
1495830003.390667: SSL: (where=0x1001 ret=0x1)
1495830003.390670: SSL: SSL_connect:SSLv3/TLS write client hello
1495830003.390677: SSL: (where=0x1002 ret=0xffffffff)
1495830003.390680: SSL: SSL_connect:error in SSLv3/TLS write client hello
1495830003.390690: SSL: SSL_connect - want more data
1495830003.390694: SSL: 98 bytes pending from ssl_out
1495830003.390701: SSL: 98 bytes left to be sent out (of total 98 bytes)

GOOD:
1495829825.798298: SSL: SSL_connect:before/connect initialization
1495829825.798356: OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
1495829825.798367: OpenSSL: Message - hexdump(len=5): [REMOVED]
1495829825.798373: OpenSSL: TX ver=0x301 content_type=22 (handshake/client hello)
1495829825.798378: OpenSSL: Message - hexdump(len=190): [REMOVED]
1495829825.798382: SSL: (where=0x1001 ret=0x1)
1495829825.798387: SSL: SSL_connect:SSLv2/v3 write client hello A
1495829825.798394: SSL: (where=0x1002 ret=0xffffffff)
1495829825.798399: SSL: SSL_connect:error in SSLv2/v3 read server hello A
1495829825.798414: SSL: SSL_connect - want more data
1495829825.798421: SSL: 195 bytes pending from ssl_out
1495829825.798436: SSL: 195 bytes left to be sent out (of total 195 bytes)
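
Added example (not part of the original message, and not wpa_supplicant code): a small Python helper that extracts the OpenSSL message-trace lines from two `-dddt` logs and lists the fields that differ between the good and bad run. The sample input is constructed from the lines quoted above; the function names are hypothetical.

```python
import re

# Constructed sample input: the OpenSSL trace lines quoted in the message above.
GOOD = """\
1495829825.798356: OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
1495829825.798367: OpenSSL: Message - hexdump(len=5): [REMOVED]
1495829825.798373: OpenSSL: TX ver=0x301 content_type=22 (handshake/client hello)
1495829825.798378: OpenSSL: Message - hexdump(len=190): [REMOVED]
"""
BAD = """\
1495830003.390631: OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
1495830003.390644: OpenSSL: Message - hexdump(len=5): [REMOVED]
1495830003.390657: OpenSSL: TX ver=0x301 content_type=22 (handshake/client hello)
1495830003.390663: OpenSSL: Message - hexdump(len=93): [REMOVED]
"""

# "OpenSSL: TX ver=... content_type=... (desc)" followed by its hexdump line.
MSG = re.compile(r"^\d+\.\d+: OpenSSL: (TX|RX) ver=(0x[0-9a-fA-F]+) "
                 r"content_type=(\d+) \((.*)\)\s*$")
DUMP = re.compile(r"^\d+\.\d+: OpenSSL: Message - hexdump\(len=(\d+)\)")
FIELDS = ("dir", "ver", "type", "desc", "len")

def tls_messages(log):
    """Return one dict per traced TLS message, with the hexdump length that follows it."""
    out = []
    for line in log.splitlines():
        m = MSG.match(line)
        if m:
            out.append({"dir": m.group(1), "ver": int(m.group(2), 16),
                        "type": int(m.group(3)), "desc": m.group(4), "len": None})
            continue
        d = DUMP.match(line)
        if d and out and out[-1]["len"] is None:
            out[-1]["len"] = int(d.group(1))  # attach length to the preceding message
    return out

def compare(good, bad):
    """Pair messages by position and list (index, field, good, bad) for each difference."""
    pairs = zip(tls_messages(good), tls_messages(bad))
    return [(i, k, g[k], b[k])
            for i, (g, b) in enumerate(pairs) for k in FIELDS if g[k] != b[k]]

if __name__ == "__main__":
    for i, key, g, b in compare(GOOD, BAD):
        print(f"message {i}: {key} good={g!r} bad={b!r}")
```

Only the message metadata is compared, so the helper works on logs whose hexdumps have already been scrubbed before posting.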




