<div dir="ltr"><div class="gmail_quote"><br><div dir="ltr"><div class="gmail_quote"><div dir="ltr">Hi,<div><br></div><div>As per our previous findings came to know that wpa_supplicant has an internal TLS support which is enabled when <b>CONFIG_TLS</b> is configured to <b>internal</b>.Able to set the TLS to internal in config file and build it successfully.When tried to associate with an AP which is configured to EAP-TLS method, it fails during EAP-TLS conversation.The wpa_supplciant fails to send response with <br>
<span style="font-size:11pt;font-family:Arial,sans-serif">client_hello
handshake message</span> for EAP_START request from AUTHENTICATOR (hostapd radius server). From the debug logs came to know that it is failing to parse the private key.We tried changing the formats of the certificates(.der and .pem), but didn't help.Tried with 0.6.x and 2.0 supplicant versions.</div>
<div>Below are the error logs:<br><div><b><br></b></div><div><b>1381135499.884925: TLSv1: Added certificate: C=FR, ST=Radius, L=Somewhere, O=Example Inc., CN=Example Certificate Authority/emailAddress=<a href="mailto:admin@example.com">admin@example.com</a></b></div>
<div><b>1381135499.884944: PKCS #8: Expected zero INTEGER in the beginning of private key; not found; assume PKCS #8 not used</b></div><div><b>1381135499.884947: PKCS #8: Expected SEQUENCE (AlgorithmIdentifier) - found class 0 tag 0x2; assume encrypted PKCS #8 not used</b></div>
<div><b>1381135499.884950: Trying to parse PKCS #1 encoded RSA private key</b></div><div><b>1381135499.884953: RSA: Expected zero INTEGER in the beginning of private key; not found</b></div><div><b>1381135499.885092: TLSv1: Failed to parse private key</b></div>
<div><b>1381135499.885094: TLS: Failed to load private key</b></div><div><b>1381135499.885097: TLS: Failed to set TLS connection parameters</b></div><div><b>1381135499.885099: TLSv1: Selected cipher suite: 0x0000</b></div>
<div><b>1381135499.885102: TLSv1: Record Layer - New write cipher suite 0x0000</b></div><div><b>1381135499.885104: TLSv1: Record Layer - New read cipher suite 0x0000</b></div><div><b>1381135499.885106: EAP-TLS: Failed to initialize SSL.</b></div>
<div><b>1381135499.885111: ra0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)</b></div><div><b>1381135499.885113: EAP: Building EAP-Nak (requested type 13 vendor=0 method=0 not allowed)</b></div><div><br>
</div>
<br>This works fine when TLS is configured to openssl.Please let us know for more details on it.</div><div><br></div><div>Thanks</div></div></div></div></div></div>