Hi
I'm currently trying to authenticate using EAP-TLS using smartcard with
wpa_supplicant and I get this error:

OpenSSL: tls_connection_engine_private_key - Private key failed
verification error:140A30B1:SSL routines:SSL_check_private_key:no
certificate assigned

I got some messages "Error: can't open /var/run/openct/status: No such
file or directory" but I get these messages always when I use my
smartcard reader (and it works).

I've googled and I got nothing useful. Any idea?

PS: I've ***ed personal data from attached files

thanks,
Carles


ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
fast_reauth=1
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opensc-pkcs11.so

network={
        ssid="*****"
        key_mgmt=WPA-EAP
        eap=TLS
        proto=WPA
        pairwise=TKIP
        group=TKIP
        identity="[EMAIL PROTECTED]"
        ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
        #client_cert="/etc/cert/user.pem"

#       scan_ssid=1
        engine=1

        # The engine configured here must be available. Look at
        # OpenSSL engine support in the global section.
        # The key available through the engine must be the private key
        # matching the client certificate configured above.

        # use the opensc engine
        #engine_id="opensc"
        #key_id="45"

        # use the pkcs11 engine
        engine_id="pkcs11"
        key_id="e451d1d1197caf4c74c33d9143986a28c9c34a55"

        # Optional PIN configuration; this can be left out and PIN will be
        # asked through the control interface
        pin="****"
}

[EMAIL PROTECTED]:~$ sudo wpa_supplicant -D wext -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -ddd
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
fast_reauth=1
pkcs11_engine_path='/usr/lib/engines/engine_pkcs11.so'
pkcs11_module_path='/usr/lib/opensc-pkcs11.so'
Line: 17 - start of a new network block
ssid - hexdump_ascii(len=7):
     ** ** ** ** **                              *****
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
proto: 0x1
pairwise: 0x8
group: 0x8
identity - hexdump_ascii(len=40):
     ** ** ** ** ** *** ** ** ***********
ca_cert - hexdump_ascii(len=48):
     2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
     61 6e 74 2f 43 41 5f 43 41 54 43 65 72 74 50 50   ant/CA_CATCertPP
     5f 47 6c 6f 62 61 6c 54 72 75 73 74 2e 63 72 74   _GlobalTrust.crt
engine=1 (0x1)
engine_id - hexdump_ascii(len=6):
     70 6b 63 73 31 31                                 pkcs11
key_id - hexdump_ascii(len=40):
     65 34 35 31 64 31 64 31 31 39 37 63 61 66 34 63   e451d1d1197caf4c
     37 34 63 33 33 64 39 31 34 33 39 38 36 61 32 38   74c33d9143986a28
     63 39 63 33 34 61 35 35                           c9c34a55
pin - hexdump_ascii(len=4): [REMOVED]
Priority group 0
   id=0 ssid='*******'
Initializing interface (2) 'eth1'
ENGINE: Loading dynamic engine
ENGINE: Loading pkcs11 Engine from /usr/lib/engines/engine_pkcs11.so
ENGINE: 'SO_PATH' '/usr/lib/engines/engine_pkcs11.so'
ENGINE: 'ID' 'pkcs11'
ENGINE: 'LIST_ADD' '1'
ENGINE: 'LOAD' '(null)'
ENGINE: 'MODULE_PATH' '/usr/lib/opensc-pkcs11.so'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=21 WE(source)=16 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:13:02:61:79:24
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=0
Added interface eth1
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 1539 bytes of scan results (7 BSSes)
Scan results: 7
Selecting BSS from priority group 0
0: 00:0e:38:0d:04:a0 ssid='*******' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:0e:38:0d:04:a0 (SSID='*******' freq=0 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=15
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0e:38:0d:04:a0
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:0e:38:0d:04:a0
No keys have been configured - skip key clearing
Associated with 00:0e:38:0d:04:a0
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RX EAPOL from 00:0e:38:0d:04:a0
RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=40):
     43 50 49 53 52 2d 31 20 43 61 72 6c 6f 73 20 46   CPISR-1 Carlos F
     72 61 67 6f 73 6f 20 4d 61 72 69 73 63 61 6c 40   ragoso Mariscal@
     63 65 73 63 61 2e 65 73                           cesca.es
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=49): 01 00 00 2d 02 01 00 2d 01 43 50 49 53 52 2d 31 20 43 61 72 6c 6f 73 20 46 72 61 67 6f 73 6f 20 4d 61 72 69 73 63 61 6c 40 63 65 73 63 61 2e 65 73
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0e:38:0d:04:a0
RX EAPOL - hexdump(len=46): 01 00 00 06 01 02 00 06 0d 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: Trusted root certificate(s) loaded
SSL: Initializing TLS engine
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
ENGINE: engine initialized
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
OpenSSL: tls_connection_engine_private_key - Private key failed verification error:140A30B1:SSL routines:SSL_check_private_key:no certificate assigned
TLS: Failed to load private key
CTRL-REQ-PIN-0:PIN needed for SSID *******
EAP-TLS: Failed to initialize SSL.
ENGINE: engine deinit
EAP-TLS: Requesting Smartcard PIN
CTRL-REQ-PIN-0:PIN needed for SSID *******
EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
EAP: Pending PIN/passphrase request - skip Nak
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: startWhen --> 0
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth1
State: ASSOCIATED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_deauthenticate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_wext_set_wpa
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_countermeasures
No keys have been configured - skip key clearing
WEXT: Operstate: linkmode=0, operstate=6
Cancelling scan request
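
A pre-flight check for the configuration above, as an added example that is not part of the original post or of wpa_supplicant: OpenSSL's SSL_check_private_key reports "no certificate assigned" when a private key has been loaded but no client certificate has, and the posted network block has client_cert commented out. The function names and the trimmed sample block (with a dummy SSID and PIN) are constructed for illustration; cert_id is wpa_supplicant's option for loading the certificate through the engine, assumed here to be supported by the installed version.

```python
# Constructed sample: the posted network block, reduced to the relevant keys.
SAMPLE_CONF = '''
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TLS
        ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
        #client_cert="/etc/cert/user.pem"
        engine=1
        engine_id="pkcs11"
        key_id="e451d1d1197caf4c74c33d9143986a28c9c34a55"
        pin="0000"
}
'''

def parse_networks(text):
    """Return one dict of active (uncommented) settings per network block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings are not seen by wpa_supplicant
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return blocks

def check_eap_tls_engine(net):
    """Flag settings that break or weaken EAP-TLS with an engine-held key."""
    findings = []
    if "TLS" not in net.get("eap", "").split() or net.get("engine") != "1":
        return findings
    if not (net.get("client_cert") or net.get("cert_id")):
        findings.append("no client_cert or cert_id: the engine key has no "
                        "certificate to be verified against")
    if not net.get("key_id"):
        findings.append("engine=1 but no key_id names the key on the token")
    if "pin" in net:
        findings.append("pin is stored in clear text in the config file; it "
                        "can be omitted and supplied via the control interface")
    return findings

if __name__ == "__main__":
    for net in parse_networks(SAMPLE_CONF):
        for finding in check_eap_tls_engine(net):
            print(f"{net.get('ssid')}: {finding}")
```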
