EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails

Jouni Malinen jkmaline at cc.hut.fi
Thu Feb 10 23:32:41 EST 2005


On Thu, Feb 10, 2005 at 07:40:14PM -0800, Coert Vonk wrote:

> Running the 0.3.7-pre version of both wpa_supplicant and hostapd, I
> appear to have problems with the supplicant authenticating.  I am
> fairly sure that the hostapd is running fine, because the native
> Windows/XP SP2 supplicant connects fine (with the help that I received
> early).
> 
> I notice the following in both wpa_supplicant and hostapd traces:
>  SSL: SSL_connect:error in SSLv3 read server hello A

That's ok. EAP-TLS part succeeds without any problems.

> More background:
>   the hostapd is running with the madwifi driver with an altheros nic

It looks like the AP could be sending different WPA IE in Beacon and/or
Probe Response frames:

WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp
(src=00:02:6f:21:df:ff)
WPA: WPA IE in Beacon/ProbeResp - hexdump(len=30): dd 1c 00 50 f2 01 01
00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 01 01 00
WPA: WPA IE in 3/4 msg - hexdump(len=28): dd 1a 00 50 f2 01 01 00 00 50
f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 01

This has been a known issue with the madwifi driver since it does not
provide mechanism for synchronizing IEs between the driver (which is
generating Beacon and Probe Response frames) and hostapd (which is
generating the EAPOL-Key frames used in 4-Way Handshake). In other
words, this requires a change in the driver and I would recommend asking
this question on madwifi mailing lists.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list