[openssl.org #2825] Bug: Unable to connect to WPA enterprise wireless

Wed, 23 May 2012 01:39:55 -0700 

Per downstream
https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343 :

> I am still unable to connect with openssl 1.0.1-4ubuntu2. I . It looks like 
> the same problem as before. Here is a bit of syslog:
>
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: 
> CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-EAP-METHOD EAP 
> vendor 0 method 25 (PEAP) selected
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: SSL: SSL3 alert: read (remote 
> end reported an error):fatal:bad certificate
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: OpenSSL: openssl_handshake - 
> SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad 
> certificate
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-EAP-FAILURE EAP 
> authentication failed
> Apr 19 08:42:51 fin8344m2 kernel: [ 77.468839] wlan0: deauthenticated from 
> 00:11:92:3e:79:80 (Reason: 23)
> Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-DISCONNECTED 
> bssid=00:11:92:3e:79:80 reason=23

It's unclear to me whether this a wpa_supplicant bug or an openssl bug, but
reverting to an older openssl version (say,  1.0.0e) addresses the problem.
However, per the redhat filing at:
https://bugzilla.redhat.com/show_bug.cgi?id=798187 :

> This message means that eap_peer_tls_derive_key() function failed. I'd need 
> more low level debugging output to find out which function called from 
> OpenSSL library fails or behaves differently.
>
> I suppose it is related to the new TLS-1.2 support in openssl-1.0.1. Perhaps 
> the wpa_supplicant should forcibly limit the TLS version to 1.0?
>
> Reassingning to wpa_supplicant for better insight from wpa_supplicant 
> maintainers.

Also filed for debian at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667706

At for wpa_supplicant at: http://w1.fi/bugz/show_bug.cgi?id=447

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to