Problem with EAP-TLS connection to Atheros AR5002AP-2X AP

Chr chunkeey at
Sun Jul 27 10:33:40 EDT 2008

On Sunday 27 July 2008 00:15:49 Chr wrote:
> Well... after sniffing some EAP-Frames it looks like
> that madwifi's stack or  their driver has problems with fragmentation,
> because the "Server Certificate" in the EAP gets truncated.
> So, I my theory is this:
> wpa_supplicant does the right thing by dropping the connection,
> since it can't verify if the server certificate is valid or not.
> Unfortunately, I don't have any backups of my old working setup,
> so I don't really know which was the last madwifi-revision
> where everything worked well...
Alright, I found a _simple_ workaround.

just compile your client's wpa_supplicant with gnutls (and don't forget to 
enable gnutls extras) instead of openssl!

This will let you associate.. 
But WPA doesn't work for me as madwifi/hostapd seems to have a different
opinion about the RSN flags when WPA is enabled... So, try to force 
"proto=RSN" in your wpa_supplicant.conf if you see messages about
"IE in 3/4 msg does not match with IE in Beacon/ProbeResp".


More information about the HostAP mailing list