EAP-TLS connection problem

Dmitry Shmidt dimitrysh at google.com
Tue Jul 8 20:56:11 EDT 2008


Authentication server is MSFT 2003.
Is it possible that OpenSSL library has some problem ?

Thanks,

Dmitry

On Tue, Jul 8, 2008 at 5:38 PM, Jouni Malinen <j at w1.fi> wrote:

> On Tue, Jul 08, 2008 at 08:32:09AM -0700, Dmitry Shmidt wrote:
>
> > > I have ported wpa_supplicant 0.5.10 and I am trying to associate with
> > > WPA-EAP-TLS.
> > > And I am receiving next error. (full log is attached).
>
> > > TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1
> > > buf='/DC=tw/DC=com/DC=sitdc1/CN=WLAN01'
> > > TLS: Certificate verification failed, error 7 (certificate signature
> > > failure) depth 0 for '/CN=wlan01.sitdc1.com.tw'
>
> OpenSSL rejected the server certificate.
>
> > > OpenSSL: tls_connection_handshake - SSL_connect error:0407006A:rsa
> > > routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> > > OpenSSL: pending error: error:04067072:rsa
> > > routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
>
> The reason for rejection seems to be in incorrect RSA padding (PKCS#1)
> in the TLS handshake. Which authentication server was used here?
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080708/2849d8d7/attachment.htm 


More information about the HostAP mailing list