How to log what's happening during 802.1X EAP-TTLS authentification?

mike4658 at freenet.de mike4658 at freenet.de
Mon Oct 25 07:19:36 EDT 2010 

        Hello,

here is the end of the log file (I logged with the option "-d"):

X509: Did not find any of the issuers from the list of trusted certificates
TLSv1: Server certificate chain validation failed (reason=6)
TLSv1: Send 
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:da:9e:60:00
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
RX EAPOL from 00:12:da:9e:60:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:12:da:9e:60:00 into blacklist
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

What does this
"X509: Did not find any of the issuers from the list of trusted certificates
TLSv1: Server certificate chain validation failed (reason=6)"
mean?

Thanks in advance,

Mike


> > I get this messages while connecting to an AP with wpa_supplicant:
> >
> > CTRL-EVENT-EAP-STARTED EAP authentication started
> > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
> > CTRL-EVENT-EAP-FAILURE EAP authentication failed
> > CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> > How can I get a detailed log of what's happening during the
> EAP-TTLS authentification?
> 
> You can add -dd on the command like for wpa_supplicant to get
> detailed
> debug output and optionally add -K if you are fine with including
> potentially private information likes keys in the output.
> 
> > Is openssl needed for an EAP-TTLS authentification with
> wpa_supplicant?
> 
> No, but a TLS library is (i.e., OpenSSL, GnuTLS, or the internal TLS
> implementation in wpa_supplicant, etc.).




FreeLotto - das kostenlose Lotto von freenet!
Jeden Tag die Chance auf 2 Millionen Euro nutzen.
Jetzt gratis Lotto spielen auf http://freelotto.freenet.de!

More information about the HostAP mailing list