<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">hello all,<br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div>i am now using wpa_supplicant for EAP-TLS, i am using certificates provided with freeradius.org.<br>my server is saying access-accept for local host but when i am trying to connect i am getting errors related to ssl<br>can u giude me what to do to make it work?<br>i am giving u my wpa_supplicant file and my result log, hope u figure out what is problem and can help me out!!!!<br><br>my wpa_supplicant.conf is:-<br>ctrl_interface=/var/run/wpa_supplicant<br>ctrl_interface_group=wheel<br>#ap_scan =
2<br>network={<br>ssid="ATH183"<br>scan_ssid=1<br>key_mgmt=WPA-EAP<br>eap=TLS<br>identity="shantanu"<br>ca_cert="/root/D/radius/wpa_helper_package/certs/demoCA/cacert.pem"<br>client_cert="/root/D/radius/wpa_helper_package/certs/cert-clt.der"<br>private_key="/root/D/radius/wpa_helper_package/certs/cert-clt.der"<br>password="whatever"<br>}<br><br>my result is some what like this:-<br><br>Initializing interface 'ath0' conf '/etc/wpa_supplicant/WPA_EAP_TLS.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'<br>Configuration file '/etc/wpa_supplicant/WPA_EAP_TLS.conf' -> '/etc/wpa_supplicant/WPA_EAP_TLS.conf'<br>Reading configuration file '/etc/wpa_supplicant/WPA_EAP_TLS.conf'<br>ctrl_interface='/var/run/wpa_supplicant'<br>ctrl_interface_group='wheel' (DEPRECATED)<br>Line: 4 - start of a new network block<br>ssid - hexdump_ascii(len=6):<br> 41 54 48 31 38
33 ATH183 <br>scan_ssid=1 (0x1)<br>key_mgmt: 0x1<br>eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00<br>identity - hexdump_ascii(len=8):<br> 73 68 61 6e 74 61 6e 75 shantanu <br>ca_cert - hexdump_ascii(len=57):<br> 2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77 /root/D/radius/w 70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67 pa_helper_packag 65 2f 63 65 72 74 73 2f 64 65 6d 6f 43 41 2f
63 e/certs/demoCA/c 61 63 65 72 74 2e 70 65 6d acert.pem <br>client_cert - hexdump_ascii(len=52):<br> 2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77 /root/D/radius/w 70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67 pa_helper_packag 65 2f 63 65 72 74 73 2f 63 65 72 74 2d 63 6c 74 e/certs/cert-clt 2e 64 65 72 .der <br>private_key -
hexdump_ascii(len=52):<br> 2f 72 6f 6f 74 2f 44 2f 72 61 64 69 75 73 2f 77 /root/D/radius/w 70 61 5f 68 65 6c 70 65 72 5f 70 61 63 6b 61 67 pa_helper_packag 65 2f 63 65 72 74 73 2f 63 65 72 74 2d 63 6c 74 e/certs/cert-clt 2e 64 65 72 .der <br>password - hexdump_ascii(len=8): [REMOVED]<br><br>Priority group 0<br> id=0 ssid='ATH183'<br>Initializing interface (2) 'ath0'<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: KEY_RX entering state NO_KEY_RECEIVE<br>EAPOL: SUPP_BE entering state INITIALIZE<br>EAP: EAP entering state
DISABLED<br>EAPOL: External notification - portEnabled=0<br>EAPOL: External notification - portValid=0<br>SIOCGIWRANGE: WE(compiled)=22 WE(source)=13 enc_capa=0xf<br> capabilities: key_mgmt 0xf enc 0xf<br>WEXT: Operstate: linkmode=1, operstate=5<br>Own MAC address: 00:03:7f:00:00:d6<br>wpa_driver_wext_set_wpa<br>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0<br>wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0<br>wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0<br>wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0<br>wpa_driver_wext_set_countermeasures<br>wpa_driver_wext_set_drop_unencrypted<br>Setting scan request: 0 sec 100000 usec<br>ctrl_interface_group=10 (from group name 'wheel')<br>Added interface ath0<br>RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])<br>Wireless event: cmd=0x8b06 len=8<br>RTM_NEWLINK: operstate=0 ifi_flags=0x11003
([UP][LOWER_UP])<br>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added<br>State: DISCONNECTED -> SCANNING<br>Starting AP scan (specific SSID)<br>Scan SSID - hexdump_ascii(len=6):<br> 41 54 48 31 38 33 ATH183 <br>Trying to get current scan results first without requesting a new scan to speed up initial association<br>Received 1929 bytes of scan results (9 BSSes)<br>Scan results: 9<br>Selecting BSS from priority group 0<br>0: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=28 rsn_ie_len=0 caps=0x11<br> skip - SSID mismatch<br>1: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11<br> selected based on WPA IE<br>Trying to associate with 00:03:7f:09:60:7e (SSID='ATH183'
freq=2462 MHz)<br>Cancelling scan request<br>WPA: clearing own WPA/RSN IE<br>Automatic auth_alg selection: 0x1<br>WPA: using IEEE 802.11i/D3.0<br>WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1<br>WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01<br>WPA: clearing AP RSN IE<br>WPA: using GTK TKIP<br>WPA: using PTK TKIP<br>WPA: using KEY_MGMT 802.1X<br>WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01<br>No keys have been configured - skip key clearing<br>wpa_driver_wext_set_drop_unencrypted<br>State: SCANNING -> ASSOCIATING<br>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)<br>WEXT: Operstate: linkmode=-1, operstate=5<br>wpa_driver_wext_associate<br>---------------------------------------------------------------------<br>Received 1929 bytes of scan results (9 BSSes)<br>Scan results: 9<br>Selecting BSS from priority
group 0<br>0: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=28 rsn_ie_len=0 caps=0x11<br> skip - SSID mismatch<br>1: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11<br> selected based on WPA IE<br>Already associated with the selected AP.<br>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])<br>Wireless event: cmd=0x8b15 len=20<br>Wireless event: new AP: 00:03:7f:09:60:7e<br>State: ASSOCIATING ->
ASSOCIATED<br>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)<br>WEXT: Operstate: linkmode=-1, operstate=5<br>Associated to a new BSS: BSSID=00:03:7f:09:60:7e<br>No keys have been configured - skip key clearing<br>Associated with 00:03:7f:09:60:7e<br>CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00<br>WPA: Association event - clear replay counter<br>EAPOL: External notification - portEnabled=0<br>EAPOL: External notification - portValid=0<br>EAPOL: External notification - portEnabled=1<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>----------------------------------------------------------------------------------------------<br>EAP: using real identity - hexdump_ascii(len=8):<br> 73 68 61 6e 74 61 6e
75 shantanu <br>EAP: EAP entering state SEND_RESPONSE<br>EAP: EAP entering
state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 73 68 61 6e 74 61 6e 75<br>EAPOL: SUPP_BE entering state RECEIVE<br>RX EAPOL from 00:03:7f:09:60:7e<br>RX EAPOL - hexdump(len=10): 01 00 00 06 01 01 00 06 0d 20<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=1 method=13 vendor=0 vendorMethod=0<br>EAP: EAP entering state GET_METHOD<br>EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)<br>TLS: Trusted root certificate(s) loaded<br>OpenSSL: SSL_use_certificate_file (DER) --> OK<br>OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error<br>OpenSSL: pending error: error:0D08303A:asn1
encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error<br>OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib<br>OpenSSL: pending error: error:140CB00D:SSL routines:SSL_use_PrivateKey_file:ASN1 lib<br>OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM) failed error:0906D06C:PEM routines:PEM_read_bio:no start line<br>OpenSSL: pending error: error:140CB009:SSL routines:SSL_use_PrivateKey_file:PEM lib<br>OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag<br>OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error<br>OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error<br>OpenSSL: Failed to load private key<br>TLS: Failed to load private key '/root/D/radius/wpa_helper_package/certs/cert-clt.der'<br>TLS: Failed to set TLS connection parameters<br>EAP-TLS: Failed
to initialize SSL.<br>ENGINE: engine deinit<br>EAP-TLS: Requesting private key passphrase<br>CTRL-REQ-PASSPHRASE-0:Private key passphrase needed for SSID ATH183<br>CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00<br>EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)<br>CTRL_IFACE monitor send - hexdump(len=23): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 38 30 35 39 2d 32 30 33 00<br>EAP: Pending PIN/passphrase request - skip Nak<br>EAP: EAP entering state SEND_RESPONSE<br>EAP: EAP entering state IDLE<br><br>shantanu<br></div></div><br>
<hr size="1"> Download prohibited? No problem! <a rel="nofollow" target="_blank" href="http://us.rd.yahoo.com/mail/in/ywebmessenger/*http://in.messenger.yahoo.com/webmessengerpromo.php">CHAT</a> from any browser, without download.</div><br></div></div><br>
<hr size=1></hr> Did you know? You can CHAT without downloading messenger. <a href="http://us.rd.yahoo.com/mail/in/ywebmessenger1/*http://in.messenger.yahoo.com/webmessengerpromo.php"> Know how!</a></body></html>