Problem with EAP-TLS connection to Atheros AR5002AP-2X AP
chunkeey at web.de
Sun Jul 27 10:33:40 EDT 2008
On Sunday 27 July 2008 00:15:49 Chr wrote:
> Well... after sniffing some EAP-Frames it looks like
> that madwifi's stack or their driver has problems with fragmentation,
> because the "Server Certificate" in the EAP gets truncated.
> So, I my theory is this:
> wpa_supplicant does the right thing by dropping the connection,
> since it can't verify if the server certificate is valid or not.
> Unfortunately, I don't have any backups of my old working setup,
> so I don't really know which was the last madwifi-revision
> where everything worked well...
Alright, I found a _simple_ workaround.
just compile your client's wpa_supplicant with gnutls (and don't forget to
enable gnutls extras) instead of openssl!
This will let you associate..
But WPA doesn't work for me as madwifi/hostapd seems to have a different
opinion about the RSN flags when WPA is enabled... So, try to force
"proto=RSN" in your wpa_supplicant.conf if you see messages about
"IE in 3/4 msg does not match with IE in Beacon/ProbeResp".
More information about the HostAP