EAP-TLS connection problem

Jouni Malinen j at w1.fi
Fri Jul 11 20:07:18 EDT 2008


On Thu, Jul 10, 2008 at 10:16:54PM -0700, Dmitry Shmidt wrote:
> RootCA that we are using is self-signed.
> Can it be a problem ? Is it possible that we need to configure either
> OpenSSL library or wpa_supplicant
> to accept this kind of certificates ?

That shouldn't cause the error that was shown in the debug log. In
general, all root CAs are self-signed, but anyway, certificate issues
result in different error message. The one about invalid padding would
indicate that there is an implementation bug in either end of the
connection.. The odd part is that I have not seen this from either
OpenSSL or IAS, so I don't know what exactly went wrong here unless
there can be some sort of odd OpenSSL build issue.

In order to debug this, one may need to add more debug statements into
OpenSSL (and, obviously, build OpenSSL with debug enabled).
Alternatively, it might be possible to test with another TLS
implementation (e.g., the internal TLS code in wpa_supplicant 0.6.x).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list