wpa_supplicant using EAP-TTLS problem

王奕元 dadai.cm91 at gmail.com
Sun Nov 11 04:16:56 EST 2007


If I change the parameter "certificate_file" in the tls section
to use the same file as the "CA_file" parameter,
radius cannot find the certificate_file path and does not work.
It shows:
 tls: private_key_file = "/usr/local/etc/raddb/certs/cacert.pem"
 tls: certificate_file = "(null)"  <===  here is strange
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0200100E:system library:fopen:Bad address
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1960] Unknown module "eap".
radiusd.conf[1907] Failed to parse authenticate section.

The original file that "certificate_file" and "private_key_file" used is
cert-srv.pem,
and in that file
there is a special format like this:

Bag Attributes
    localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4
subject=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Root certificate/emailAddress=root at example.com
issuer=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Client certificate/emailAddress=client at example.com

-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 0C BA ED 0A 7B E9 67 CD E7 0A 08 39 DB 9D 99 34 0A C6 2B A4
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,45A3F7FFC07A6C8D

......
-----END RSA PRIVATE KEY-----

I wonder what the "Bag Attributes" and "localKeyID" are and where they come
from.
The pem file I created by myself only has
"-----BEGIN CERTIFICATE-----
 ..............................
 -----END CERTIFICATE-----"
and
"-----BEGIN RSA PRIVATE KEY-----
 .......................................
 -----END RSA PRIVATE KEY-----"

Moreover,
if I change both the "certificate_file" and "private_key_file" paths to the file
I created,
it still does not work because the certificate_file path shows null.

Well,
what should I do if I want to change the certificate_file to my own file?
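
Added example (not part of the original post, and not FreeRADIUS or wpa_supplicant code): a Python inventory of the PEM blocks in a file shaped like the cert-srv.pem excerpt above. It shows that lines outside the BEGIN/END markers, such as "Bag Attributes", belong to no block, and reports what a file named by certificate_file or private_key_file actually contains; the function names are hypothetical and the sample data is constructed.

```python
import base64
import re

# One PEM block. Text outside the BEGIN/END markers ("Bag Attributes",
# "localKeyID", subject=/issuer= lines) belongs to no block.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inventory(pem_text):
    """Return one dict per PEM block: label, encrypted, cipher, der_len."""
    blocks = []
    for label, body in PEM_BLOCK.findall(pem_text):
        headers, b64 = {}, []
        for line in body.splitlines():
            if ":" in line:  # encapsulated header such as Proc-Type
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
            elif line.strip():
                b64.append(line.strip())
        blocks.append({
            "label": label,
            "encrypted": "ENCRYPTED" in label + headers.get("Proc-Type", ""),
            "cipher": headers.get("DEK-Info", "").split(",")[0] or None,
            "der_len": len(base64.b64decode("".join(b64), validate=True)),
        })
    return blocks

def check_tls_files(cert_text, key_text):
    """Findings for the contents of certificate_file and private_key_file."""
    findings = []
    if not any(b["label"] == "CERTIFICATE" for b in inventory(cert_text)):
        findings.append("certificate_file has no CERTIFICATE block")
    keys = [b for b in inventory(key_text) if b["label"].endswith("PRIVATE KEY")]
    if not keys:
        findings.append("private_key_file has no PRIVATE KEY block")
    elif any(k["encrypted"] for k in keys):
        findings.append("private key is encrypted; private_key_password must unlock it")
    return findings

# Constructed sample shaped like the excerpt above; the payloads are not real DER.
enc = lambda raw: base64.b64encode(raw).decode()
SAMPLE = (
    "Bag Attributes\n    localKeyID: 01 02 03 04\nsubject=/CN=constructed.example\n"
    "-----BEGIN CERTIFICATE-----\n" + enc(b"constructed cert bytes") + "\n"
    "-----END CERTIFICATE-----\nBag Attributes\n    localKeyID: 01 02 03 04\n"
    "Key Attributes: <No Attributes>\n-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
    + enc(b"constructed key bytes") + "\n-----END RSA PRIVATE KEY-----\n")
```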