Per downstream https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343 :
> I am still unable to connect with openssl 1.0.1-4ubuntu2. I . It looks like > the same problem as before. Here is a bit of syslog: > > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: > CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-EAP-METHOD EAP > vendor 0 method 25 (PEAP) selected > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: SSL: SSL3 alert: read (remote > end reported an error):fatal:bad certificate > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: OpenSSL: openssl_handshake - > SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-EAP-FAILURE EAP > authentication failed > Apr 19 08:42:51 fin8344m2 kernel: [ 77.468839] wlan0: deauthenticated from > 00:11:92:3e:79:80 (Reason: 23) > Apr 19 08:42:51 fin8344m2 wpa_supplicant[1120]: CTRL-EVENT-DISCONNECTED > bssid=00:11:92:3e:79:80 reason=23 It's unclear to me whether this a wpa_supplicant bug or an openssl bug, but reverting to an older openssl version (say, 1.0.0e) addresses the problem. However, per the redhat filing at: https://bugzilla.redhat.com/show_bug.cgi?id=798187 : > This message means that eap_peer_tls_derive_key() function failed. I'd need > more low level debugging output to find out which function called from > OpenSSL library fails or behaves differently. > > I suppose it is related to the new TLS-1.2 support in openssl-1.0.1. Perhaps > the wpa_supplicant should forcibly limit the TLS version to 1.0? > > Reassingning to wpa_supplicant for better insight from wpa_supplicant > maintainers. Also filed for debian at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667706 At for wpa_supplicant at: http://w1.fi/bugz/show_bug.cgi?id=447 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org