TLS negotiation fails while connecting to EAP-TLS network

Damien Dejean damiendejean at google.com
Fri Jul 2 01:34:19 PDT 2021 

Hi,

I'm using an AP with EAP-TLS authentication and I'm using
wpa_supplicant 2.9. I add a network with the following parameters:

network {
  ssid "my_network"
  identity "user-tls"
  ca_cert "/tmp/ca.cert.pem"
  eap TLS
  subject_match "my_network.example.com"
  client_cert "/tmp/device.cert.pem"
  private_key "/tmp/device.key.pem"
  key_mgmt WPA-EAP WPA-EAP-SHA256 FT-EAP
}

I start the association using "select_network" in wpa_cli and the
authentication fails during the TLS negotiation with the following
messages:

DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x303 content_type=22
(handshake/certificate)
NOTICE wpa_supplicant[1813]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1
subject='/C=FR/ST=Auvergne-Rhone-Alpes/L=Grenoble/O=Example
Ltd/OU=Example team/CN=Example Certificate
Authority/emailAddress=ca at example.com'
hash=a7d7f79c67b971c2fd084a60e93168834925075724fda38ab24a4f8a4d580c0c
DEBUG wpa_supplicant[1813]: TLS: tls_verify_cb - preverify_ok=1 err=0
(ok) ca_cert_verify=1 depth=1
buf='/C=FR/ST=Auvergne-Rhone-Alpes/L=Grenoble/O=Example Ltd/OU=Example
team/CN=Example Certificate Authority/emailAddress=ca at example.com'
NOTICE wpa_supplicant[1813]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0
subject='/C=FR/ST=Auvergne-Rhone-Alpes/O=Example Ltd/OU=Example
team/CN=my_network.example.com'
hash=7190cbd20af2860b0560b04c308b180e023d61b975a38737ba06ae9bd7851b47
DEBUG wpa_supplicant[1813]: TLS: tls_verify_cb - preverify_ok=1 err=0
(ok) ca_cert_verify=1 depth=0
buf='/C=FR/ST=Auvergne-Rhone-Alpes/O=Example Ltd/OU=Example
team/CN=my_network.example.com'
DEBUG wpa_supplicant[1813]: EAP: Status notification: remote
certificate verification (param=success)
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS read server certificate
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x303 content_type=22
(handshake/server key exchange)
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS read server key exchange
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x303 content_type=22
(handshake/certificate request)
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS read server
certificate request
DEBUG wpa_supplicant[1813]: OpenSSL: RX ver=0x303 content_type=22
(handshake/server hello done)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS read server done
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x303 content_type=22
(handshake/certificate)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS write client certificate
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x303 content_type=22
(handshake/client key exchange)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1001 ret=0x1)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:SSLv3/TLS write client key exchange
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x0 content_type=256 (TLS
header info/)
DEBUG wpa_supplicant[1813]: OpenSSL: TX ver=0x303 content_type=21 (alert/)
DEBUG wpa_supplicant[1813]: SSL: (where=0x4008 ret=0x250)
NOTICE wpa_supplicant[1813]: SSL: SSL3 alert: write (local SSL3
detected an error):fatal:internal error
DEBUG wpa_supplicant[1813]: EAP: Status notification: local TLS alert
(param=internal error)
DEBUG wpa_supplicant[1813]: SSL: (where=0x1002 ret=0xffffffff)
DEBUG wpa_supplicant[1813]: SSL: SSL_connect:error in error
NOTICE wpa_supplicant[1813]: OpenSSL: openssl_handshake - SSL_connect
error:141F0007:SSL routines:tls_construct_cert_verify:EVP lib
DEBUG wpa_supplicant[1813]: SSL: 3115 bytes pending from ssl_out
DEBUG wpa_supplicant[1813]: SSL: Using TLS version TLSv1.2
DEBUG wpa_supplicant[1813]: SSL: Failed - tls_out available to report
error (len=3115)

It seems openssl is failing when doing EVP_DigestSign(...) that's why
it ends with "SSL_connect error:141F0007:SSL
routines:tls_construct_cert_verify:EVP lib" but I can't understand
why. I check the device and the server certificates against the CA and
they're correct. I also tried to disable TLSv1.3 or TLSv1.2 and it
fails with the same error.
Does anyone have an idea on what's going wrong here ?

Damien.

More information about the Hostap mailing list