Control: forcemerge 668612 -1

Hi

On Friday 02 November 2012, Klaus Knopper wrote:
> Package: wpasupplicant
> Version: 1.0-3
> Severity: normal
> 
> 
> In an eduroam environment (which is basically WPA-Enterprise), I can
> confirm disconnects without the possibility to reconnect when using
> wpa_supplicant wit network-manager. Killing and restarting
> wpa_supplicant allows a temporary reconnect.

This is
        http://w1.fi/bugz/show_bug.cgi?id=447
respectively
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668612
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561081
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574714
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=579297
        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667706

> When researching the problem, I found this posting:
> https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/429370/comments/19
> 
> It states that the problem may be actually an openssl bug which lets the 
> rekeying
> process fail permamently, and recommended recompiling with gnutls instead of
> openssl. I did this:
[…]

The problem with this suggestion and the according patch, is that it 
switches from one (known) set of bugs to another (unknown) one. While
linking to gnutls is supported upstream, none of the major 
distributions (not even Ubuntu) actually does so, which makes it pretty
much untested in practice. Even if we wanted to switch to gnutls, doing
so simply isn't possible at this stage of Debian's release process and 
in freeze*.

*)      However technically speaking, we can't switch to gnutls anytime 
        soon, because gnutls doesn't provide an udeb, which is needed for 
        using wpa_supplicant by the Debian installer (d-i). While your 
        package build against gnutls succeeded, you have most likely ended 
        with an unsatisfiable (in the d-i/ udeb context) dependency on 
        libgnutls26-udeb for wpasupplicant-udeb_*.udeb (dpkg-gensymbols 
        employs very crude heuristics to construct the dependencies for 
        udeb packages without actually having access to a udeb context).

[…]
> and have been testing the modified package for about a month now, the
> frequent disconnects have completely disappeared.
> 
> The right place for a real fix would probably be openssl, but the
> problem does not seem to be addressed or sufficiently researched there,
> so the workaround by using gnutls instead of openssl gnutls seems to be
> the best option for now.
[…]

At this moment it is not obvious to me if wpa_supplicant is broken, or 
if some popular commercial wlan installations used for eduroam 
institutions are to blame. While, given the ubiquity and prevalence of 
this issue in academic environments, it might be possible that 
wpa_supplicant may need to work around the problem, however this would 
best be fixed at wpa_supplicant's upstream. Unfortunately none of the 
current wpa maintainers for Debian has access to an affected wlan setup
in order to try to reproduce the problem, nor has enough information to
recreate an affected EAP/ PAP setup for debugging, which significantly
reduces our abilities to help. Therefore it's probably best to engage
with wpa_supplicant upstream to get this fixed once and for all.

Regards
        Stefan Lippers-Hollmann

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to