Problem with EAP-TLS connection to Atheros AR5002AP-2X AP

Chr chunkeey at web.de
Sun Jul 27 10:33:40 EDT 2008


On Sunday 27 July 2008 00:15:49 Chr wrote:
>
> Well... after sniffing some EAP-Frames it looks like
> that madwifi's stack or  their driver has problems with fragmentation,
> because the "Server Certificate" in the EAP gets truncated.
>
> So, I my theory is this:
> wpa_supplicant does the right thing by dropping the connection,
> since it can't verify if the server certificate is valid or not.
>
> Unfortunately, I don't have any backups of my old working setup,
> so I don't really know which was the last madwifi-revision
> where everything worked well...
>
Alright, I found a _simple_ workaround.

just compile your client's wpa_supplicant with gnutls (and don't forget to 
enable gnutls extras) instead of openssl!

This will let you associate.. 
But WPA doesn't work for me as madwifi/hostapd seems to have a different
opinion about the RSN flags when WPA is enabled... So, try to force 
"proto=RSN" in your wpa_supplicant.conf if you see messages about
"IE in 3/4 msg does not match with IE in Beacon/ProbeResp".

Regards,
	Chr


More information about the HostAP mailing list