Package: libssl1.1 Version: 1.1.0g-2 Severity: important Tags: upstream See https://github.com/openssl/openssl/issues/3594 ; current OpenSSL breaks compatibility with the hook mechanism that wpa_supplicant used to provide the passphrase for PEM keys. The net result is this:
wpa_supplicant[7178]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 wpa_supplicant[7178]: Enter PEM pass phrase: wpa_supplicant[7178]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag wpa_supplicant[7178]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error wpa_supplicant[7178]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0) wpa_supplicant[7178]: TLS: Failed to load private key '/home/josh/.cert/priv-key-machine.pem' wpa_supplicant[7178]: TLS: Failed to set TLS connection parameters wpa_supplicant[7178]: EAP-TLS: Failed to initialize SSL. wpa_supplicant[7178]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) wpa_supplicant[7178]: wlp4s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Note the "Enter PEM pass phrase:" prompt, caused by wpa_supplicant not having an opportunity (via hooks) to supply the passphrase. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libssl1.1 depends on: ii debconf [debconf-2.0] 1.5.65 ii libc6 2.25-2 libssl1.1 recommends no packages. libssl1.1 suggests no packages. -- debconf information excluded