No subject

彦 张 yzhang0528 at hotmail.com
Fri Apr 1 23:20:56 EDT 2011


Hello,
I have a problem with an EAP-TLS connection with hostapd. The error happens when the server verifies
the device certificate.
The hostapd log is as follows:
***************************************************
RADIUS SRV: Reply to 192.168.3.99:1024
RADIUS message: code=11 (Access-Challenge) identifier=6 length=52
   Attribute 24 (State) length=6
      Value: 00 00 00 03
   Attribute 79 (EAP-Message) length=8
      Value: 01 07 00 06 0d 00
   Attribute 80 (Message-Authenticator) length=18
      Value: 89 f6 c4 22 32 e5 96 1a 6f 8f a7 95 0b 86 ae f7
RADIUS SRV: Received 247 bytes from 192.168.3.99:1024
RADIUS SRV: Received data - hexdump(len=247): 01 07 00 f7 e6 4d 0c 64 9f e9 ad 40 58 57 64 21 97 72 aa 1a 01 13 30 30 3a 30 42 3a 36 43 3a 45 31 3a 33 37 3a 45 32 04 06 c0 a8 03 63 1f 08 00 0b 6c e1 37 e2 3d 06 00 00 00 1b 0c 04 05 78 18 12 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 4f 94 02 07 00 92 0d 00 1f c8 46 8e 1a 5b cf dd 69 8d 2a 13 70 7f d9 34 62 8c eb ca 77 1e a3 ee 15 be 8a 19 52 09 c8 38 36 35 a6 1f 3d 57 67 e5 ae 07 c6 a4 88 52 42 c6 13 bd d8 5a 6e a9 1f 59 f3 fb ab c2 0c e6 95 4e c7 7d 6c 4d c9 9b be e2 20 f2 20 08 1c 09 1d 24 7a 14 03 01 00 01 01 16 03 01 00 30 74 38 1e 82 71 fc 53 bb b5 b5 19 76 29 87 85 3e 5c e9 a4 e4 e4 85 91 0f a9 ef 91 35 aa 6c b0 0a f2 02 97 01 5b 1a f0 80 45 a2 6e 7d ae 05 5d 53 50 12 f0 df f3 23 ba 63 47 14 70 4f 27 8d 00 b9 6f 28
RADIUS message: code=1 (Access-Request) identifier=7 length=247
   Attribute 1 (User-Name) length=19
      Value: '00:0B:6C:E1:37:E2'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 192.168.3.99
   Attribute 31 (Calling-Station-Id) length=8
      Value: '<00><0b>l<ffffffe1>7<ffffffe2>'
   Attribute 61 (NAS-Port-Type) length=6
      Value: 27
   Attribute 12 (Framed-MTU) length=4
      Invalid INT32 length 2
   Attribute 24 (State) length=18
      Value: 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00
   Attribute 79 (EAP-Message) length=148
      Value: 02 07 00 92 0d 00 1f c8 46 8e 1a 5b cf dd 69 8d 2a 13 70 7f d9 34 62 8c eb ca 77 1e a3 ee 15 be 8a 19 52 09 c8 38 36 35 a6 1f 3d 57 67 e5 ae 07 c6 a4 88 52 42 c6 13 bd d8 5a 6e a9 1f 59 f3 fb ab c2 0c e6 95 4e c7 7d 6c 4d c9 9b be e2 20 f2 20 08 1c 09 1d 24 7a 14 03 01 00 01 01 16 03 01 00 30 74 38 1e 82 71 fc 53 bb b5 b5 19 76 29 87 85 3e 5c e9 a4 e4 e4 85 91 0f a9 ef 91 35 aa 6c b0 0a f2 02 97 01 5b 1a f0 80 45 a2 6e 7d ae 05 5d 53
   Attribute 80 (Message-Authenticator) length=18
      Value: f0 df f3 23 ba 63 47 14 70 4f 27 8d 00 b9 6f 28
f0 df f3 23 ba 63 47 14 70 4f 27 8d 00 b9 6f 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 RADIUS SRV: Request for session 0x3
RADIUS SRV: Received EAP data - hexdump(len=146): 02 07 00 92 0d 00 1f c8 46 8e 1a 5b cf dd 69 8d 2a 13 70 7f d9 34 62 8c eb ca 77 1e a3 ee 15 be 8a 19 52 09 c8 38 36 35 a6 1f 3d 57 67 e5 ae 07 c6 a4 88 52 42 c6 13 bd d8 5a 6e a9 1f 59 f3 fb ab c2 0c e6 95 4e c7 7d 6c 4d c9 9b be e2 20 f2 20 08 1c 09 1d 24 7a 14 03 01 00 01 01 16 03 01 00 30 74 38 1e 82 71 fc 53 bb b5 b5 19 76 29 87 85 3e 5c e9 a4 e4 e4 85 91 0f a9 ef 91 35 aa 6c b0 0a f2 02 97 01 5b 1a f0 80 45 a2 6e 7d ae 05 5d 53
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=7 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=146) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
SSL: Received 140 bytes, waiting for 0 bytes more
SSL: All fragments received
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=2 buf='/C=US/O=WiMAX Forum(R)/CN=WiMAX Forum(R) Device Root - CA1'
TLS: Certificate verification failed, error 7 (certificate signature failure) depth 1 for '/C=CN/O=SyChip Shanghai Co., Ltd./OU=WiMAX Forum(R) Devices/CN=ENG'
SSL: (where=0x4008 ret=0x233)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:decrypt error
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3 read client certificate B
OpenSSL: tls_connection_server_handshake - SSL_accept error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
OpenSSL: pending error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: TLS processing failed
EAP-TLS: CONTINUE -> FAILURE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=7)
RADIUS SRV: EAP data from the state machine - hexdump(len=4): 04 07 00 04
RADIUS SRV: Reply to 192.168.3.99:1024
RADIUS message: code=3 (Access-Reject) identifier=7 length=44
*******************************************************************
It seems that the server rejects the device certificate because of a signature failure, but the authentication passes with a FreeRADIUS server under the same conditions.
Do you have any suggestions for me? Thanks.
 
regards,
Yan