Query: auth server behaviour when presented with unknown user certs (EAP-TLS)
Soh Kam Yung
sohkamyung at gmail.com
Thu Nov 27 21:11:10 EST 2008
On Thu, Nov 27, 2008 at 9:31 PM, Jouni Malinen <j at w1.fi> wrote:
> On Thu, Nov 27, 2008 at 05:22:02PM +0800, Soh Kam Yung wrote:
>> Suppose I have a device with two or more user certificates which are
>> used to join two or more different EAP-TLS networks. When I am
>> requested to join an EAP-TLS network, I will try to join by passing the
>> user certificates one by one to the server using wpa_supplicant (i.e.
>> change the "private_key" and "private_key_password" parameters in each
>> join attempt) until it succeeds or until I run out of user
> Ideally, this would be done by selecting the certificate based on which
> certificate server used and what the server asked for in
Could you provide some more details on how I can do this?
I have tried to join my test EAP-TLS network with the following configuration:
I left out:
When I enable it via wpa_cli, I keep getting:
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
<2>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
If I put the private_key and private_key_passwd into the
configuration, it succeeds.
How do I get wpa_supplicant to request the user certificate via
the control interface?
Soh Kam Yung