More questions on hs20/OSU keys and configuration.

Ben Greear greearb at candelatech.com
Wed Mar 25 15:42:58 EDT 2015


Looks like the problem below was because I didn't have OCSP stapling
enabled in the web server config.

Now on to more problems!

Thanks,
Ben

On 03/25/2015 09:41 AM, Ben Greear wrote:

> It seems that libcurl is not able to deal with OCSP.  I did a tshark dump on
> port 8888 on the 192.168.100.85 machine and I see no traffic at all, so curl
> is not asking there it seems.  Any idea what I might be doing wrong?
> 
> 
> CURLINFO_TEXT[STATE: INIT => CONNECT handle 0x1059188; line 1034 (connection #-5000) ]
> CURLINFO_TEXT[Added connection 0. The cache now contains 1 members]
> CURLINFO_TEXT[STATE: CONNECT => WAITRESOLVE handle 0x1059188; line 1071 (connection #0) ]
> CURLINFO_TEXT[  Trying 192.168.100.85...]
> CURLINFO_TEXT[STATE: WAITRESOLVE => WAITCONNECT handle 0x1059188; line 1151 (connection #0) ]
> CURLINFO_TEXT[Connected to osu.ben-ota-2.lanforge.local (192.168.100.85) port 443 (#0)]
> CURLINFO_TEXT[Marked for [keep alive]: HTTP default]
> CURLINFO_TEXT[successfully set certificate verify locations:]
> CURLINFO_TEXT[  CAfile: /home/lanforge/wifi/osu_wlan1/osu-ca.pem
>   CApath: none]
> curl_cb_ssl
> CURLINFO_TEXT[TLSv1.2, TLS handshake, Client hello (1):]
> debug - CURLINFO_SSL_DATA_OUT - 274
> CURLINFO_TEXT[STATE: WAITCONNECT => PROTOCONNECT handle 0x1059188; line 1223 (connection #0) ]
> CURLINFO_TEXT[TLSv1.2, TLS handshake, Server hello (2):]
> debug - CURLINFO_SSL_DATA_IN - 94
> OpenSSL: No OCSP response received
> CURLINFO_TEXT[TLSv1.2, TLS alert, Server hello (2):]
> debug - CURLINFO_SSL_DATA_OUT - 2
> CURLINFO_TEXT[error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext]
> CURLINFO_TEXT[Marked for [closure]: Failed HTTPS connection]
> CURLINFO_TEXT[Closing connection 0]
> CURLINFO_TEXT[The cache now contains 0 members]
> CURLINFO_TEXT[Expire cleared]
> curl_easy_perform() failed: No OCSP response received
> HTTP error: No OCSP response received
> Remove OSU network connection
> wpa_command(ifname='wlan1', cmd='REMOVE_NETWORK 1')
> ===[hs20-osu-client END ]======================
> 
> 
> Thanks,
> Ben
> 
> 


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
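
Added example, not part of the original message or of the hostap code: a shell check for whether a TLS server staples an OCSP response, the condition behind the "No OCSP response received" failure in the log above. It classifies the output of `openssl s_client -status`; the function names are hypothetical and the two sample outputs are constructed.

```shell
#!/bin/sh
# Classify the OCSP part of `openssl s_client -status` output read on stdin.
# Prints: not-stapled, stapled-good, stapled-revoked, stapled-unknown,
# stapled-error (responder returned a non-successful status), or
# no-status-section (handshake failed or output carried no OCSP lines).
classify_ocsp_status() {
    awk '
        /OCSP response: no response sent/        { result = "not-stapled" }
        /OCSP Response Status:/ && !/successful/ { result = "stapled-error" }
        /Cert Status: good/                      { result = "stapled-good" }
        /Cert Status: revoked/                   { result = "stapled-revoked" }
        /Cert Status: unknown/                   { result = "stapled-unknown" }
        END {
            if (result == "") result = "no-status-section"
            print result
        }
    '
}

# Live check: host, port and CA file are supplied by the caller.
# -status sends the status_request extension, asking the server to staple.
check_stapling() {
    host=$1 port=$2 cafile=$3
    openssl s_client -connect "$host:$port" -servername "$host" \
        -CAfile "$cafile" -status </dev/null 2>/dev/null | classify_ocsp_status
}

# Constructed sample: server without stapling enabled.
sample_not_stapled() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
EOF
}

# Constructed sample: server stapling a valid response.
sample_stapled_good() {
cat <<'EOF'
CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
EOF
}
```

With stapling, the server fetches the OCSP response from the responder and sends it inside the TLS handshake, so a client that relies on the stapled response does not contact the responder itself.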


