802.1x wired EAP authentication failed by using wpa_supplicant

Haohao Lee hayatelee at gmail.com
Tue May 12 01:46:04 EDT 2015


Hi all,

I'm using wpa_supplicant with OpenWrt to auth my corporation network but
failed.

The version is wpa_supplicant v2.3-devel and the command line is:

wpa_supplicant -i eth2 -c /etc/wpa_supplicant.conf -D wired -dd


The conf is:

ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=root
> ap_scan=0
> network={
>        key_mgmt=IEEE8021X
>        eap=PEAP
>        identity="username"
>        password="password"
>        phase2="auth=MSCHAPV2"
>        priority=2
> }


The result is:
 Successfully initialized wpa_supplicant

> eth2: Associated with xx:xx:xx:xx:xx:xx
> eth2: CTRL-EVENT-EAP-STARTED EAP authentication started
> eth2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> eth2: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> X509: Certificate not valid (now=1431398943 not_before=1410401515
> not_after=28799)
> eth2: CTRL-EVENT-EAP-FAILURE EAP authentication failed


Note that not_after is less than not_before, which is weird.

My corporation uses self-issued cert, whose validity is from 2014 to 2063.

Is this a bug?


ps: I can use phase1="tls_disable_time_checks=1" to get around this, bu it
is not safe, is it?

thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150512/e761c3b6/attachment.htm>


More information about the HostAP mailing list