EAP-TLS + internal crypto problem

Chuck Tuffli Chuck.Tuffli at dspg.com
Thu Jul 9 19:20:23 EDT 2009


On Thur, July 8, 2009 at 3:33 PM, Chuck Tuffli wrote:
> I upgraded to the 0.7.x supplicant and elected to use the internal
> crypto, but my EAP-TLS configuration no longer works. Previously I
> used 0.5.10 + OpenSSL against a FreeRadius server and this worked
> well. The only difference now in the setup (STA, AP, FreeRadius,
> configuration files, etc) is the new supplicant built with
> CONFIG_TLS=internal. Is this a problem with internal crypto or maybe
> with my certs?

I investigated this a little bit more and see from the log

PKCS #8: Does not start with PKCS #8 header (SEQUENCE); assume PKCS #8
not used
Trying to parse PKCS #1 encoded RSA private key
RSA: Expected SEQUENCE (public key) - found class 0 tag 0xd
TLSv1: Failed to parse private key
TLS: Failed to load private key
TLS: Failed to set TLS connection parameters

I think what this means is crypto_rsa_import_private_key() is expecting
a sequence corresponding to the private key, but instead gets a relative
OID (whatever that is). Is it possible to tell which PKCS scheme my
certficates use (i.e. PKCS #1, PKCS #2, ...)?

---chuck

______________________________________________________________________
DSP Group, Inc. automatically scans all emails and attachments using MessageLabs Email Security System.
_____________________________________________________________________


More information about the HostAP mailing list