Fwd: WPA_SUPPLICANT : Issues with supplicant when TLS configured to internal TLSv1

Karunakar Reddy karan.tillu at gmail.com
Tue Oct 8 01:32:52 EDT 2013


As per our previous findings came to know that wpa_supplicant has an
internal TLS support which is enabled when  *CONFIG_TLS* is configured to *
internal*.Able to set the TLS to internal in config file and build
it successfully.When tried to associate with an AP which is configured to
EAP-TLS method, it fails during EAP-TLS conversation.The wpa_supplciant
fails to send response with
client_hello handshake message for EAP_START request from AUTHENTICATOR
(hostapd radius server). From the debug logs  came to know that it is
failing to parse the private key.We tried changing the formats of the
certificates(.der and .pem), but didn't help.Tried with 0.6.x and 2.0
supplicant versions.
Below are the error logs:
*1381135499.884925: TLSv1: Added certificate: C=FR, ST=Radius, L=Somewhere,
O=Example Inc., CN=Example Certificate Authority/emailAddress=
admin at example.com*
*1381135499.884944: PKCS #8: Expected zero INTEGER in the beginning of
private key; not found; assume PKCS #8 not used*
*1381135499.884947: PKCS #8: Expected SEQUENCE (AlgorithmIdentifier) -
found class 0 tag 0x2; assume encrypted PKCS #8 not used*
*1381135499.884950: Trying to parse PKCS #1 encoded RSA private key*
*1381135499.884953: RSA: Expected zero INTEGER in the beginning of private
key; not found*
*1381135499.885092: TLSv1: Failed to parse private key*
*1381135499.885094: TLS: Failed to load private key*
*1381135499.885097: TLS: Failed to set TLS connection parameters*
*1381135499.885099: TLSv1: Selected cipher suite: 0x0000*
*1381135499.885102: TLSv1: Record Layer - New write cipher suite 0x0000*
*1381135499.885104: TLSv1: Record Layer - New read cipher suite 0x0000*
*1381135499.885106: EAP-TLS: Failed to initialize SSL.*
*1381135499.885111: ra0: EAP: Failed to initialize EAP method: vendor 0
method 13 (TLS)*
*1381135499.885113: EAP: Building EAP-Nak (requested type 13 vendor=0
method=0 not allowed)*

This works fine when TLS is configured to openssl.Please let us know for
more details on it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20131008/9a36ac11/attachment.htm>

More information about the HostAP mailing list