wpa_supplicant file problem with EAP_TLS

shantanu choudhary shantanu_843 at yahoo.co.in
Thu Jun 7 12:10:17 EDT 2007


Hello all,
I am now using wpa_supplicant for EAP-TLS, and I am using the certificates provided with freeradius.org.
My server is saying access-accept for localhost, but when I am trying to connect I am getting errors related to SSL.
Can you guide me on what to do to make it work?
I am giving you my wpa_supplicant file and my result log; I hope you can figure out what the problem is and help me out!

my wpa_supplicant.conf is:-
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
#ap_scan = 2
network={
ssid="ATH183"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TLS
identity="shantanu"
ca_cert="/root/D/radius/wpa_helper_package/certs/demoCA/cacert.pem"
client_cert="/root/D/radius/wpa_helper_package/certs/cert-clt.der"
private_key="/root/D/radius/wpa_helper_package/certs/cert-clt.der"
password="whatever"
}

my result is somewhat like this:-

Initializing interface 'ath0' conf '/etc/wpa_supplicant/WPA_EAP_TLS.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/WPA_EAP_TLS.conf' -> '/etc/wpa_supplicant/WPA_EAP_TLS.conf'
Reading configuration file '/etc/wpa_supplicant/WPA_EAP_TLS.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='wheel' (DEPRECATED)
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=6):
     41 54 48 31 38 33                                 ATH183
scan_ssid=1 (0x1)
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=8):
     73 68 61 6e 74 61 6e 75                           shantanu        
ca_cert - hexdump_ascii(len=57):
     2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77   /root/D/radius/w
     70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67   pa_helper_packag
     65 2f 63 65 72 74 73 2f 64 65 6d 6f 43 41 2f 63   e/certs/demoCA/c
     61 63 65 72 74 2e 70 65 6d                        acert.pem
client_cert - hexdump_ascii(len=52):
     2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77   /root/D/radius/w
     70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67   pa_helper_packag
     65 2f 63 65 72 74 73 2f 63 65 72 74 2d 63 6c 74   e/certs/cert-clt
     2e 64 65 72                                       .der
private_key - hexdump_ascii(len=52):
     2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77   /root/D/radius/w
     70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67   pa_helper_packag
     65 2f 63 65 72 74 73 2f 63 65 72 74 2d 63 6c 74   e/certs/cert-clt
     2e 64 65 72                                       .der
password - hexdump_ascii(len=8): [REMOVED]

Priority group 0
   id=0 ssid='ATH183'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=13 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:03:7f:00:00:d6
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=10 (from group name 'wheel')
Added interface ath0
RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=6):
     41 54 48 31 38 33                                 ATH183          
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 1929 bytes of scan results (9 BSSes)
Scan results: 9
Selecting BSS from priority group 0
0: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=28 rsn_ie_len=0 caps=0x11
   skip - SSID mismatch
1: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:03:7f:09:60:7e (SSID='ATH183' freq=2462 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
---------------------------------------------------------------------
Received 1929 bytes of scan results (9 BSSes)
Scan results: 9
Selecting BSS from priority group 0
0: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=28 rsn_ie_len=0 caps=0x11
   skip - SSID mismatch
1: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Already associated with the selected AP.
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:03:7f:09:60:7e
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:03:7f:09:60:7e
No keys have been configured - skip key clearing
Associated with 00:03:7f:09:60:7e
CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
----------------------------------------------------------------------------------------------
EAP: using real identity - hexdump_ascii(len=8):
     73 68 61 6e 74 61 6e 75                           shantanu        
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 73 68 61 6e 74 61 6e 75
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:7e
RX EAPOL - hexdump(len=10): 01 00 00 06 01 01 00 06 0d 20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: Trusted root certificate(s) loaded
OpenSSL: SSL_use_certificate_file (DER) --> OK
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM) failed error:0906D06C:PEM routines:PEM_read_bio:no start line
OpenSSL: pending error: error:140CB009:SSL routines:SSL_use_PrivateKey_file:PEM lib
OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
OpenSSL: Failed to load private key
TLS: Failed to load private key '/root/D/radius/wpa_helper_package/certs/cert-clt.der'
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
ENGINE: engine deinit
EAP-TLS: Requesting private key passphrase
CTRL-REQ-PASSPHRASE-0:Private key passphrase needed for SSID ATH183
CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00
EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00
EAP: Pending PIN/passphrase request - skip Nak
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE

shantanu
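
[Added example, not part of the original post or of wpa_supplicant.] In the log above, OpenSSL loads cert-clt.der as a certificate but rejects the same file as a private key in DER, PEM and PKCS#12 form; the config points private_key at the client_cert path. A DER certificate begins SEQUENCE { SEQUENCE ..., while a DER private key or PKCS#12 container begins SEQUENCE { INTEGER ..., which is the "wrong tag" the ASN.1 decoder reports. The sketch below checks what a configured private_key file actually holds; all function names, paths and sample bytes are hypothetical and constructed for illustration.

```python
import re

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def der_header(data, off):
    """Return (tag, offset of the element's content) for the DER element at off."""
    tag, first = data[off], data[off + 1]
    # Long-form lengths set the top bit; the low 7 bits count the length bytes.
    return tag, off + 2 + ((first & 0x7F) if first & 0x80 else 0)

def classify(data):
    """Best-effort guess at what a credential file holds, from its first bytes."""
    labels = PEM_LABEL.findall(data)
    if labels:
        if any(label.endswith(b"PRIVATE KEY") for label in labels):
            return "private-key"
        return "certificate" if b"CERTIFICATE" in labels else "unknown"
    try:
        outer, off = der_header(data, 0)
        inner, off2 = der_header(data, off)
        if outer != 0x30:
            return "unknown"
        if inner == 0x02:   # version INTEGER: PKCS#1, PKCS#8 or PKCS#12
            return "private-key"
        if inner == 0x30 and data[off2] in (0xA0, 0x02):   # tbsCertificate
            return "certificate"
    except IndexError:
        pass
    return "unknown"

def lint(conf_text, read_file):
    """Flag a private_key entry that points at a certificate-only file."""
    fields = dict(re.findall(r'^\s*(client_cert|private_key)="([^"]*)"',
                             conf_text, re.M))
    path = fields.get("private_key")
    if path is None:
        return []
    kind = classify(read_file(path))
    return [f"private_key={path} holds: {kind}"] if kind == "certificate" else []

# Constructed sample data: leading DER header bytes only, not real credentials.
CERT_DER = bytes.fromhex("3082030030820200a003020102")
KEY_DER = bytes.fromhex("308204a40201000282010100")
FILES = {"/example/client.der": CERT_DER, "/example/client.key.der": KEY_DER}
BAD_CONF = ('network={\n client_cert="/example/client.der"\n'
            ' private_key="/example/client.der"\n}\n')
GOOD_CONF = BAD_CONF.replace('private_key="/example/client.der"',
                             'private_key="/example/client.key.der"')

if __name__ == "__main__":
    print(lint(BAD_CONF, FILES.__getitem__))
    print(lint(GOOD_CONF, FILES.__getitem__))
```

A file holding both a certificate and a key (a combined PEM or a PKCS#12 container) classifies as "private-key", so pointing client_cert and private_key at the same such file is not flagged.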






