Hi,

I'm currently trying to authenticate using EAP-TLS using a smartcard with wpa_supplicant and I get this error:

OpenSSL: tls_connection_engine_private_key - Private key failed verification error:140A30B1:SSL routines:SSL_check_private_key:no certificate assigned

I got some messages "Error: can't open /var/run/openct/status: No such file or directory", but I always get these messages when I use my smartcard reader (and it works).

I've googled and I got nothing useful. Any idea?

PS: I've ***ed personal data from the attached files.

Thanks,
Carles

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
fast_reauth=1
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opensc-pkcs11.so

network={
    ssid="*****"
    key_mgmt=WPA-EAP
    eap=TLS
    proto=WPA
    pairwise=TKIP
    group=TKIP
    identity="[EMAIL PROTECTED]"
    ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
    #client_cert="/etc/cert/user.pem"
    # scan_ssid=1

    engine=1

    # The engine configured here must be available. Look at
    # OpenSSL engine support in the global section.
    # The key available through the engine must be the private key
    # matching the client certificate configured above.

    # use the opensc engine
    #engine_id="opensc"
    #key_id="45"

    # use the pkcs11 engine
    engine_id="pkcs11"
    key_id="e451d1d1197caf4c74c33d9143986a28c9c34a55"

    # Optional PIN configuration; this can be left out and PIN will be
    # asked through the control interface
    pin="****"
}

[EMAIL PROTECTED]:~$ sudo wpa_supplicant -D wext -i eth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -ddd
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
fast_reauth=1
pkcs11_engine_path='/usr/lib/engines/engine_pkcs11.so'
pkcs11_module_path='/usr/lib/opensc-pkcs11.so'
Line: 17 - start of a new network block
ssid - hexdump_ascii(len=7):
    ** ** ** ** ** *****
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
proto: 0x1
pairwise: 0x8
group: 0x8
identity - hexdump_ascii(len=40):
    ** ** ** ** ** *** ** ** ***********
ca_cert - hexdump_ascii(len=48):
    2f 65 74 63 2f 77 70 61 5f 73 75 70 70 6c 69 63   /etc/wpa_supplic
    61 6e 74 2f 43 41 5f 43 41 54 43 65 72 74 50 50   ant/CA_CATCertPP
    5f 47 6c 6f 62 61 6c 54 72 75 73 74 2e 63 72 74   _GlobalTrust.crt
engine=1 (0x1)
engine_id - hexdump_ascii(len=6):
    70 6b 63 73 31 31   pkcs11
key_id - hexdump_ascii(len=40):
    65 34 35 31 64 31 64 31 31 39 37 63 61 66 34 63   e451d1d1197caf4c
    37 34 63 33 33 64 39 31 34 33 39 38 36 61 32 38   74c33d9143986a28
    63 39 63 33 34 61 35 35   c9c34a55
pin - hexdump_ascii(len=4): [REMOVED]
Priority group 0
    id=0 ssid='*******'
Initializing interface (2) 'eth1'
ENGINE: Loading dynamic engine
ENGINE: Loading pkcs11 Engine from /usr/lib/engines/engine_pkcs11.so
ENGINE: 'SO_PATH' '/usr/lib/engines/engine_pkcs11.so'
ENGINE: 'ID' 'pkcs11'
ENGINE: 'LIST_ADD' '1'
ENGINE: 'LOAD' '(null)'
ENGINE: 'MODULE_PATH' '/usr/lib/opensc-pkcs11.so'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=21 WE(source)=16 enc_capa=0xf
    capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:13:02:61:79:24
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=0
Added interface eth1
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 1539 bytes of scan results (7 BSSes)
Scan results: 7
Selecting BSS from priority group 0
0: 00:0e:38:0d:04:a0 ssid='*******' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
    selected based on WPA IE
Trying to associate with 00:0e:38:0d:04:a0 (SSID='*******' freq=0 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=15
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0e:38:0d:04:a0
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:0e:38:0d:04:a0
No keys have been configured - skip key clearing
Associated with 00:0e:38:0d:04:a0
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RX EAPOL from 00:0e:38:0d:04:a0
RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=40):
    43 50 49 53 52 2d 31 20 43 61 72 6c 6f 73 20 46   CPISR-1 Carlos F
    72 61 67 6f 73 6f 20 4d 61 72 69 73 63 61 6c 40   ragoso Mariscal@
    63 65 73 63 61 2e 65 73   cesca.es
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=49): 01 00 00 2d 02 01 00 2d 01 43 50 49 53 52 2d 31 20 43 61 72 6c 6f 73 20 46 72 61 67 6f 73 6f 20 4d 61 72 69 73 63 61 6c 40 63 65 73 63 61 2e 65 73
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0e:38:0d:04:a0
RX EAPOL - hexdump(len=46): 01 00 00 06 01 02 00 06 0d 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: Trusted root certificate(s) loaded
SSL: Initializing TLS engine
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
ENGINE: engine initialized
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
Error: can't open /var/run/openct/status: No such file or directory
OpenSSL: tls_connection_engine_private_key - Private key failed verification error:140A30B1:SSL routines:SSL_check_private_key:no certificate assigned
TLS: Failed to load private key
CTRL-REQ-PIN-0:PIN needed for SSID *******
EAP-TLS: Failed to initialize SSL.
ENGINE: engine deinit
EAP-TLS: Requesting Smartcard PIN
CTRL-REQ-PIN-0:PIN needed for SSID *******
EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
EAP: Pending PIN/passphrase request - skip Nak
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: startWhen --> 0
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth1
State: ASSOCIATED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_deauthenticate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_wext_set_wpa
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_countermeasures
No keys have been configured - skip key clearing
WEXT: Operstate: linkmode=0, operstate=6
Cancelling scan request
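
The error string in the post comes from OpenSSL's SSL_check_private_key, which reports "no certificate assigned" when a private key is checked while no certificate has been loaded; in the posted network block the client_cert line is commented out. The following is an added example (not part of the original post and not wpa_supplicant code) that parses a wpa_supplicant configuration and flags that condition, along with a PIN stored in the file. The sample configuration and the finding labels are constructed, and counting cert_id as a certificate source assumes a wpa_supplicant build that can load the certificate through the engine.

```python
# Constructed sample modelled on the posted network block; all values are placeholders.
SAMPLE_CONF = '''\
network={
    ssid="ex#ample"   # a '#' inside quotes is not a comment
    eap=TLS
    #client_cert="/etc/cert/user.pem"
    engine=1
    key_id="0123abcd"
    pin="0000"
}
'''

def strip_comment(line):
    """Drop a '#' comment unless the '#' is inside a double-quoted value."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def parse_networks(text):
    """Return one {key: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if line == 'network={':
            current = {}
        elif line == '}' and current is not None:
            networks.append(current)
            current = None
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def check_network(net):
    """Finding labels are hypothetical; cert_id counting as a certificate is an assumption."""
    findings = []
    uses_tls = 'TLS' in net.get('eap', '').split()
    engine_key = net.get('engine') == '1' and 'key_id' in net
    if uses_tls and engine_key and not ('client_cert' in net or 'cert_id' in net):
        findings.append('engine-key-without-client-cert')
    if 'pin' in net:
        findings.append('pin-stored-in-config')
    return findings

def audit(text):
    return [(n.get('ssid', '?'), check_network(n)) for n in parse_networks(text)]
```

Calling `audit()` on the text of a configuration file returns one `(ssid, findings)` pair per network block; an empty findings list means neither condition was detected.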