Bug#911297: marked as done (wpasupplicant: WPA EAP broken)

Debian Bug Tracking System Thu, 10 Jan 2019 16:12:43 -0800

Your message dated Fri, 11 Jan 2019 00:09:38 +0000
with message-id <[email protected]>
and subject line Bug#911297: fixed in wpa 2:2.7-3
has caused the Debian Bug report #911297,
regarding wpasupplicant: WPA EAP broken
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
911297: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911297
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: wpasupplicant
Version: 2:2.6-18
Severity: important


Hi.

I think since some recent openssl upgrade any WPA-EAP connections no longer 
work:
Oct 18 11:06:26 heisenberg wpa_supplicant[3434]: Successfully initialized 
wpa_supplicant
Oct 18 11:06:26 heisenberg kernel: IPv6: ADDRCONF(NETDEV_UP): wlan0: link is 
not ready
Oct 18 11:06:26 heisenberg dhclient[3452]: Internet Systems Consortium DHCP 
Client 4.3.5
Oct 18 11:06:26 heisenberg dhclient[3452]: Copyright 2004-2016 Internet Systems 
Consortium.
Oct 18 11:06:26 heisenberg dhclient[3452]: All rights reserved.
Oct 18 11:06:26 heisenberg dhclient[3452]: For info, please visit 
https://www.isc.org/software/dhcp/
Oct 18 11:06:26 heisenberg dhclient[3452]: 
Oct 18 11:06:26 heisenberg dhclient[3452]: Listening on 
LPF/wlan0/f8:34:41:76:03:9a
Oct 18 11:06:26 heisenberg dhclient[3452]: Sending on   
LPF/wlan0/f8:34:41:76:03:9a
Oct 18 11:06:26 heisenberg dhclient[3452]: Sending on   Socket/fallback
Oct 18 11:06:26 heisenberg dhclient[3452]: DHCPDISCOVER on wlan0 to 
255.255.255.255 port 67 interval 6
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: SME: Trying to 
authenticate with 00:26:3e:5a:42:89 (SSID='eduroam' freq=5200 MHz)
Oct 18 11:06:29 heisenberg kernel: wlan0: authenticate with 00:26:3e:5a:42:89
Oct 18 11:06:29 heisenberg kernel: wlan0: send auth to 00:26:3e:5a:42:89 (try 
1/3)
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: Trying to associate 
with 00:26:3e:5a:42:89 (SSID='eduroam' freq=5200 MHz)
Oct 18 11:06:29 heisenberg kernel: wlan0: authenticated
Oct 18 11:06:29 heisenberg kernel: wlan0: associate with 00:26:3e:5a:42:89 (try 
1/3)
Oct 18 11:06:29 heisenberg kernel: wlan0: RX AssocResp from 00:26:3e:5a:42:89 
(capab=0x511 status=0 aid=6)
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: Associated with 
00:26:3e:5a:42:89
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-STARTED 
EAP authentication started
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 18 11:06:29 heisenberg kernel: wlan0: associated
Oct 18 11:06:29 heisenberg kernel: wlan0: Limiting TX power to 11 (11 - 0) dBm 
as advertised by 00:26:3e:5a:42:89
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Oct 18 11:06:29 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-METHOD 
EAP vendor 0 method 21 (TTLS) selected
Oct 18 11:06:30 heisenberg wpa_supplicant[3437]: SSL: SSL3 alert: write (local 
SSL3 detected an error):fatal:protocol version
Oct 18 11:06:30 heisenberg wpa_supplicant[3437]: OpenSSL: openssl_handshake - 
SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported 
protocol
Oct 18 11:06:31 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-FAILURE 
EAP authentication failed
Oct 18 11:06:31 heisenberg kernel: wlan0: deauthenticated from 
00:26:3e:5a:42:89 (Reason: 1=UNSPECIFIED)
Oct 18 11:06:31 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-DISCONNECTED 
bssid=00:26:3e:5a:42:89 reason=1
Oct 18 11:06:31 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 
reason=AUTH_FAILED
Oct 18 11:06:31 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Oct 18 11:06:31 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=DE
Oct 18 11:06:32 heisenberg dhclient[3452]: DHCPDISCOVER on wlan0 to 
255.255.255.255 port 67 interval 8
Oct 18 11:06:40 heisenberg dhclient[3452]: DHCPDISCOVER on wlan0 to 
255.255.255.255 port 67 interval 11
Oct 18 11:06:41 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam"
Oct 18 11:06:41 heisenberg wpa_supplicant[3437]: wlan0: SME: Trying to 
authenticate with 00:26:3e:5a:42:88 (SSID='eduroam' freq=2412 MHz)
Oct 18 11:06:41 heisenberg kernel: wlan0: authenticate with 00:26:3e:5a:42:88
Oct 18 11:06:41 heisenberg kernel: wlan0: send auth to 00:26:3e:5a:42:88 (try 
1/3)
Oct 18 11:06:41 heisenberg wpa_supplicant[3437]: wlan0: Trying to associate 
with 00:26:3e:5a:42:88 (SSID='eduroam' freq=2412 MHz)
Oct 18 11:06:41 heisenberg kernel: wlan0: authenticated
Oct 18 11:06:41 heisenberg kernel: wlan0: associate with 00:26:3e:5a:42:88 (try 
1/3)
Oct 18 11:06:41 heisenberg kernel: wlan0: RX AssocResp from 00:26:3e:5a:42:88 
(capab=0x431 status=1 aid=0)
Oct 18 11:06:41 heisenberg kernel: wlan0: 00:26:3e:5a:42:88 denied association 
(code=1)
Oct 18 11:06:41 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-ASSOC-REJECT 
bssid=00:26:3e:5a:42:88 status_code=1
Oct 18 11:06:41 heisenberg wpa_supplicant[3437]: wlan0: SME: Deauth request to 
the driver failed
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: SME: Trying to 
authenticate with 00:26:3e:5a:d4:88 (SSID='eduroam' freq=2462 MHz)
Oct 18 11:06:42 heisenberg kernel: wlan0: authenticate with 00:26:3e:5a:d4:88
Oct 18 11:06:42 heisenberg kernel: wlan0: send auth to 00:26:3e:5a:d4:88 (try 
1/3)
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: Trying to associate 
with 00:26:3e:5a:d4:88 (SSID='eduroam' freq=2462 MHz)
Oct 18 11:06:42 heisenberg kernel: wlan0: authenticated
Oct 18 11:06:42 heisenberg kernel: wlan0: associate with 00:26:3e:5a:d4:88 (try 
1/3)
Oct 18 11:06:42 heisenberg kernel: wlan0: RX AssocResp from 00:26:3e:5a:d4:88 
(capab=0x431 status=0 aid=4)
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: Associated with 
00:26:3e:5a:d4:88
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-STARTED 
EAP authentication started
Oct 18 11:06:42 heisenberg kernel: wlan0: associated
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-METHOD 
EAP vendor 0 method 21 (TTLS) selected
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: SSL: SSL3 alert: write (local 
SSL3 detected an error):fatal:protocol version
Oct 18 11:06:42 heisenberg wpa_supplicant[3437]: OpenSSL: openssl_handshake - 
SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported 
protocol
Oct 18 11:06:44 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-EAP-FAILURE 
EAP authentication failed
Oct 18 11:06:44 heisenberg kernel: wlan0: deauthenticated from 
00:26:3e:5a:d4:88 (Reason: 1=UNSPECIFIED)
Oct 18 11:06:44 heisenberg wpa_supplicant[3437]: wlan0: CTRL-EVENT-DISCONNECTED 
bssid=00:26:3e:5a:d4:88 reason=1
Oct 18 11:06:44 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=2 duration=23 
reason=AUTH_FAILED
Oct 18 11:06:44 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Oct 18 11:06:44 heisenberg wpa_supplicant[3437]: wlan0: 
CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=DE


As you can see, there is some error in the SSL handshake.

Any ideas on how to fix this?

Cheers,
Chris.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser           3.118
ii  libc6             2.27-6
ii  libdbus-1-3       1.12.10-1
ii  libnl-3-200       3.4.0-1
ii  libnl-genl-3-200  3.4.0-1
ii  libpcsclite1      1.8.24-1
ii  libreadline7      7.0-5
ii  libssl1.1         1.1.1-1
ii  lsb-base          9.20170808

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
ii  wpagui                    2:2.6-18

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: wpa
Source-Version: 2:2.7-3

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrej Shadura <[email protected]> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Jan 2019 00:17:14 +0100
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2:2.7-3
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <[email protected]>
Changed-By: Andrej Shadura <[email protected]>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 885957 907518 911297 918861
Changes:
 wpa (2:2.7-3) unstable; urgency=medium
 .
   * Upload to unstable.
   * Refresh dbus-available-sta.patch from the upstream.
   * Since we use Type=forking, pass -B to hostapd (Closes: #918861).
   * Apply upstream fixes for 802.1X 4-way handshake offload.
   * Bump Standards-Version to 4.3.0.
   * Use debhelper-compat (= 12).
   * Drop dh_systemd_enable calls and overrides.
   * Move manual installs into .install as much as possible.
   * Drop ancient preinst scripts.
   * Add Pre-Depends to hostapd.
   * Display a warning if DAEMON_CONF is not /etc/hostapd/hostapd.conf.
   * Default to /etc/hostapd/hostapd.conf.
   * Update README.Debian in hostapd.
 .
 wpa (2:2.7-2) experimental; urgency=medium
 .
   * Re-enable TLSv1.0 and security level 1 for wpasupplicant
     (Closes: #907518, #911297).
   * Enable more build-time options.
   * Flip CONFIG_DRIVER_MACSEC_QCA on Linux and kFreeBSD
   * Add DPP README.
   * Make wpa_supplicant reproducible.
 .
 wpa (2:2.7-1) experimental; urgency=medium
 .
   * New upstream version 2.7.
   * Enable FILS.
   * Add debian/upstream/signing-key.asc, update debian/watch to
     verify PGP signatures on tarballs.
 .
 wpa (2:2.7~git20181004+1dd66fc-1) experimental; urgency=medium
 .
   * New upstream snapshot 2.7~git20181004+1dd66fc.
 .
 wpa (2:2.7~git20180706+420b5dd-1) experimental; urgency=medium
 .
   * New upstream snapshot 2.7~git20180706+420b5dd.
   * Disable dbus-available-sta.patch since it is not ready for use yet.
   * Enable OWE, DPP and SAE
 .
 wpa (2:2.7~git20180606+b915f2c-1) experimental; urgency=medium
 .
   * New upstream snapshot 2.7~git20180606+b915f2c.
   * Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
     with the upstream.
 .
 wpa (2:2.7~git20180504+60a5737-1) experimental; urgency=medium
 .
   * New upstream snapshot 2.7~git20180504+60a5737.
   * Synchronise configs from the upstream.
   * Drop patches previously cherry-picked from the upstream.
   * Support ACS (Closes: #885957).
Checksums-Sha1:
 41009e604bddf218d207001a4986f49c8aa94582 2137 wpa_2.7-3.dsc
 a37163b6223b36620a6414c3df97d440fe9a2792 88172 wpa_2.7-3.debian.tar.xz
Checksums-Sha256:
 3d81922671e40983203e0ac5d6dcedf895762880b70f5bfee80f0e4afeaa2911 2137 
wpa_2.7-3.dsc
 32cde73244e2827d033357883806605bfab762839edae789c67c16f65477e404 88172 
wpa_2.7-3.debian.tar.xz
Files:
 6593fe0dfbbdeac82602e4794f933c97 2137 net optional wpa_2.7-3.dsc
 5ae8a2b393f06313e938e43dd74cf982 88172 net optional wpa_2.7-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAlw30zYACgkQXkCM2RzY
OdKAtAgAkDUBTXxJ7h9VukImIevYzs8wmPDVWaSVdDcpRYcrtIiAWKCO31DUWp4Q
QHUE350WWEG6eZw8Kfw/pSF/1EulC8WPHiLCoIlHe3zSTompzD/a/wQnNtSVBFhm
16GBWi1tKhd2o9fBxnp1jzS7CFqhNdDRPiKjaI+uUtrIaQ+q8d8b81ylXmMfiVL1
WPnh4i2dFrJcoZu6d5X7rFqjLq1J6hPzju8OsfJy64wKUTrcbgCzaiMn4JbREWi8
MwbpEZdhkIMw9NhYt6NYmiThAkUc8SLG2sdJ5BVDhNujgv6UcPyepX5Di75genmD
ApWCCHTZBs2Wc9F1ORYwVt5bEY4XWw==
=VN72
-----END PGP SIGNATURE-----

--- End Message ---

Bug#911297: marked as done (wpasupplicant: WPA EAP broken)

Reply via email to