wpa_supplicant, PEAP and SSL

rolando david roda56 at yahoo.com
Mon Jan 15 11:30:48 EST 2007


I have been trying to figure out why I cannot connect to my network via RADIUS and PEAP. I can connect using fine using several W2K clients but when I attempt to connect a linux client I cannot. I logged the errors and have noticed that there is an issue with SSL and my client server handshake:

EAP-PEAP: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
OpenSSL: SSL_use_certificate_file (PEM) --> OK
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 100 bytes pending from ssl_out
SSL: 100 bytes left to be sent out (of total 100 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE

My wpa_supplicant.conf:

network={ 
ssid="my ssid" 
key_mgmt=WPA-EAP IEEE8021x 
eap=PEAP 
auth_alg=OPEN 
identity="OPENRADIUS ID" 
password="PASSWORD" 
ca_cert="/path/to/cert/cacert.pem 
client_cert="/path/to/cert/client_cert.pem 
phase1="peaplabel=1" 
phase2="auth=MSCHAPV2" 
priority=10 
}  

help?

 
---------------------------------
The fish are biting.
 Get more visitors on your site using Yahoo! Search Marketing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070115/15c6a03b/attachment.htm 


More information about the HostAP mailing list