Problems with EAP-TLS

Jouni Malinen j at w1.fi
Sun Nov 22 15:12:33 EST 2009


On Fri, Nov 20, 2009 at 07:51:56PM -0500, Christian Scheid wrote:

> Attached please find a more detailed trace with hex dumps of the
> received/sent packets. It looks to me that the supplicant is responding to
> id 4 but the server keeps resending the last id. Not sure why. Could it be a
> timing issue?

Thanks. It looks like there is something quite badly wrong in whatever
is translating these messages between the authentication server and the
EAP peer implementation from wpa_supplicant. Based on the certificate
names, I would assume this is using WiMAX and some kind of translation
of EAP information from there into wpa_supplicant code. This code is not
included in the wpa_supplicant repository nor have I seen it, so I
cannot provide more comments on what could be wrong there.

I would suggest checking the translation glue code between WiMAX and EAP
peer. It seems to be sending most EAP messages multiple times (id=1
once, id=2 twice, id=3 thrice, id=4 at least four times)..

Is the WiMAX glue code that is used here something that is available
under an open source license (or could be released as such)?

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list