Problems with EAP-TLS

Christian Scheid cxscheid at gmail.com
Mon Nov 16 10:59:18 EST 2009


Hi,

I'm currently integrating the wpa supplicant with another software piece.
For some reason the process doesn't complete the final step. I think it has
to do with the fact that not all bytes from openssl are being processed. It
sends the first batch of 1398 bytes but not the rest. (see trace below)

Can anyone give me a suggestion what might be missing?

Thanks!


cxs: OpenSSL_add_all_algorithms
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=57 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=30):
     30 30 31 41 32 30 30 32 39 39 46 33 40 63 6c 65   001A200299F3 at cle
     61 72 77 69 72 65 2d 77 6d 78 2e 6e 65 74         arwire-wmx.net
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
cxs calling tls_verify_cb
OpenSSL: SSL_use_certificate_file (DER) --> OK
OpenSSL: SSL_use_PrivateKey_File (DER) --> OK
SSL: Private key loaded successfully
TLS: Include TLS Message Length in unfragmented packets
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 88 bytes pending from ssl_out
SSL: 88 bytes left to be sent out (of total 88 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1300) - Flags 0xc0
SSL: TLS Message Length: 3389
SSL: Need 2099 bytes more input data
SSL: Building ACK (type=13 id=2 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1300) - Flags 0x40
SSL: Need 805 bytes more input data
SSL: Building ACK (type=13 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=811) - Flags 0x00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
cxs: tls_verify_cb
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=2 buf='/CN=WiMAX
Forum(R) Server Root-CA/O=WiMAX Forum(R)/C=US'
cxs: tls_verify_cb
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=US/O=Intel
Corporation/CN=Intel WiMAX Server Sub CA'
cxs: tls_verify_cb
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0
buf='/O=Clearwire/OU=WiMAX Forum(R) Server/OU=2/CN=
WA-WAN999-SUN-T2000-AAAFE-1.clearwire-wmx.net'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate request A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write certificate verify A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 3156 bytes pending from ssl_out
SSL: 3156 bytes left to be sent out (of total 3156 bytes)
SSL: sending 1398 bytes, more fragments will follow
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state RETRANSMIT
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20091116/ee1f041d/attachment-0001.htm 


More information about the HostAP mailing list