Problems with EAP-TTLS/EAP-TLS

Carolin Latze carolin.latze at unifr.ch
Fri Oct 24 08:36:19 EDT 2008


Sjors Gielen wrote:
> Carolin Latze wrote:
>   
>> That gives more or less the same error. But I think that cannot be the
>> solution anyway since EAP-TTLS should not require client authentication
>> from what I know about EAP-TTLS, but I might be wrong. But I also think
>> the problem lies in the order of the statements.
>>
>> I have another more general question: Does the EAP-TTLS module call the
>> EAP-TLS module? I mean it seems, that it works like that since I see my
>> old debug messages but is that really correct?
>>     
>
> Oops, missed this. According to this line in your wpa_supplicant.conf:
>         phase2="autheap=TLS"
> It does ;) Change that to
>         phase2="autheap=MD5"
> or
>         phase2="autheap=MSCHAPV2"
> (or something similar) and it will probably work :)
>   

Tried that and still get

OpenSSL: tls_connection_engine_private_key - Private key failed 
verification error:140A30B1:SSL routines:SSL_check_private_key:no 
certificate assigned

:) But anyway, I really would like to have EAP-TTLS/EAP-TLS, which means 
to have mutual authentication inside a tunnel established with server 
authentication. Do you think that is possible?

Regards and Thanks for all those hints!
Carolin

-- 
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30
homepage: http://diuf.unifr.ch/people/latzec




More information about the HostAP mailing list