wpa eap-tls failure on a uClinux distro port

Jouni Malinen jkmaline at cc.hut.fi
Sat Jun 10 00:13:08 EDT 2006


On Tue, Jun 06, 2006 at 11:26:16AM +0300, Stavros Markou wrote:

> I have ported the latest stable wpa_supplicant to uClinux for ARM 
> architecture and it works great for WPA-PSK  . Now I am trying to
> use WPA 1x authentication and I cannot pass the EAP-REQUEST EAP-RESPONSE 
> stage. I am using openssl-0.9.7c which is reported to work with the 
> supplicant . Is there something I need to check for the openssl or 
> wpa-supplicant ?

I've seen wpa_supplicant working with both uClinux and ARM; though, if I
remember correctly, not with the combination of both. I was using a
newer version of OpenSSL, though.

> SSL: Received packet(len=6) - Flags 0x20
> EAP-TLS: Start
> SSL: eap_tls_process_helper -  tls_out_len : 0
> SSL: eap_tls_process_helper -BEFORE REASSEMBLE!!!!
> EAP-TLS: TLS processing failed

This is failing for the first message of TLS handshake (ClientHello), so
there hasn't really been any processing that OpenSSL would have done
before this apart from configuration. Have you tried using OpenSSL with
any other program on that device?

I would also consider trying to comment out some of the certificate/
private key parsing calls to OpenSSL. wpa_supplicant is trying number of
different format options (DER/PEM/PKCS#12/...) and this shows up as a
large number of OpenSSL errors. I haven't seen this causing issues, but
I cannot think of anything else that could be triggering this kind of
behavior. It would be enough to just hardcode tls_openssl.c to use the
format that you happen to be using in the configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list