[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
This bug was fixed in the package wpa - 1.0-3ubuntu3 --- wpa (1.0-3ubuntu3) trusty; urgency=low * debian/config/wpasupplicant/linux: enable EAP-FAST (LP: #34982) -- Mathieu Trudel-Lapierre mathieu...@ubuntu.com Wed, 30 Oct 2013 09:25:39 -0700 ** Changed in: wpa (Ubuntu) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Indeed, openssl has had EAP-FAST for some time... I'm updating wpa now for trusty, to enable EAP-FAST, that should be in shortly. As for in saucy, we can look at releasing that change as SRU. ** Changed in: wpasupplicant (Ubuntu) Status: Confirmed = In Progress ** Package changed: wpasupplicant (Ubuntu) = wpa (Ubuntu) ** Changed in: wpa (Ubuntu) Assignee: (unassigned) = Mathieu Trudel-Lapierre (mathieu-tl) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/wpa/trusty-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Confirmed. The procedure is pretty simple really. I even recompiled my own wpa_supplicant and created a deb file. But this didn't update NetworkManager. Here's my test: network={ ssid=SSIDNAME key_mgmt=WPA-EAP eap=FAST identity=USERNAME password=PASSWORD phase1=fast_provisioning=3 pac_file=/tmp/wpa_supplicant.pac } Then uncheck enable wifi and do a sudo rfkill unblock all then sudo wpa_supplicant -Dnl80211 -iwlan0 -c/etc/wpa_supplicant.conf wlan0: SME: Trying to authenticate with 58:35:d9:3a:3c:91 (SSID='SSIDNAME' freq=2412 MHz) wlan0: Trying to associate with 58:35:d9:3a:3c:91 (SSID='SSIDNAME' freq=2412 MHz) wlan0: Associated with 58:35:d9:3a:3c:91 wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=17 - NAK wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=43 EAP-FAST: No PAC file '/tmp/wpa_supplicant.pac' - assume no PAC entries have been provisioned wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 43 (FAST) selected wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=Global Security Operations/CN=NetApp Corporate Root CA' wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=Global Security Operations/CN=NetApp Corporate Root CA' wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=netapp/DC=hq/CN=NetApp Corporate Issuing CA' wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=eapfastpacs' wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully wlan0: WPA: Key negotiation completed with 58:35:d9:3a:3c:91 [PTK=CCMP GTK=CCMP] wlan0: CTRL-EVENT-CONNECTED - Connection to 58:35:d9:3a:3c:91 completed (auth) [id=0 id_str=] How do we integrate this into NM? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Hitting this as well on 13.04 with wpasupplicant 1.0-3ubuntu1 May 20 13:08:10 ** NetworkManager[1245]: warn EAP-FAST is not supported by the supplicant -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Thank you for always reporting here. I mark this bug as confirmed because it happens to several users. ** Changed in: wpasupplicant (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
** Changed in: wpasupplicant (Ubuntu) Assignee: Reinhard Tartler (siretart) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
This bug does not appear to be fixed. It seems that it was closed without anyone testing it. When I try to connect to an EAP-FAST network I get the following message in syslog: Apr 5 16:16:57 mt-dhuggins NetworkManager[958]: warn EAP-FAST is not supported by the supplicant Perhaps EAP-FAST is supported in openssl but is just not activated in wpa_supplicant? ** Changed in: wpasupplicant (Ubuntu) Status: Invalid = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
When looking at the CHANGES file of OpenSSL (from Precise) it can be seen that EAP-FAST is included: *) Add session ticket override functionality for use by EAP-FAST. This is the actual commit that included it: http://cvs.openssl.org/chngview?cn=17641 Therefore, this issue got implemented and I'll close it accordingly. ** Changed in: openssl (Ubuntu) Status: Confirmed = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/34982 Title: Please apply the EAP-FAST from the wpasupplicant source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/34982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
I notice that a year ago Josh pointed out that EAP-FAST became available in OpenSSL. There doesn't seem to have been any activity on this bug though. As stated in the log for OpenSSL bug #1574 (as seen in the URL below) by Steve of OpenSSL on November 15, 2008: You patch has now been applied to HEAD. Thank you for the contribution. Let me know of any problems. Jouni Malinen of wpasupplicant replied on November 16, 2008: Thank you! I updated wpa_supplicant and hostapd to use the new API when building against OpenSSL 0.9.9. This seems to be working fine and will make it much easier for distributions to include EAP-FAST support in the future. and then added on November 23, 2008: Here's a backport version of the session ticket override patch against OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9 tree and it can be used with the current development snapshot of wpa_supplicant/hostapd 0.6.x for EAP-FAST. Here is a URL that doesn't require login and tracks the OpenSSL bug: http://rt.openssl.org/Ticket/Display.html?user=guestpass=guestid=1574 You'll find the cited portions are the last three entries. If this can make its way into Hardy proposed I'd be happy to test it and it would get used daily. I could test it in Jaunty as well although it would see only limited use. I might be able to arrange Karmic in a limited fashion also. I'm not in a position to do anything with Lucid right now unfortunately. If the answer is that we're waiting for Lucid, I understand but is this planned for Lucid or will it slip by another release? I notice this bug is confirmed for openssl but not currently assigned to anyone. Can someone involved in maintaining the openssl package comment? -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
According to openssl developers: http://rt.openssl.org/Ticket/History.html?id=1574 The support for EAP-FAST has been included. Also for wpa_supplicant, it will build according to the patched openssl. But i am not sure how Network Manager can support EAP-FAST because when i tried to add a new wireless connection, there is no option to choose EAP-FAST as authentication. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
I have not found any evidence that network manager supports EAP-FAST. Do you have any link to where I can find this information? -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Hi Reinhard, I do not know if you are feeling offended. But I hope not. I have not tried to reference the discussion with the openssl folks as it has already been reported. But what I think is that it would be only be available for 0.9.9 release. However there is there's no release date and no indication as to how long will it take. I do understand that it is an overhead for maintaining the extra packages. I also do not know what overheads are required, so if it is too much to ask for, then I accept that. I was not trying to overexaggerate, what I meant was enterprise environments which ONLY use EAP-FAST protocol for authenticating to wireless. Without the patch, there doesn't seem to be any other way to get that to work. regards, Adrian -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
The only alternative currently is to let network manager handle your wireless connection. It supports EAP-FAST -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Adrian Quek [EMAIL PROTECTED] writes: I have not tried to reference the discussion with the openssl folks as it has already been reported. That's the reference I'm asking for. But what I think is that it would be only be available for 0.9.9 release. However there is there's no release date and no indication as to how long will it take. On what basis do you make this guess? I do understand that it is an overhead for maintaining the extra packages. I also do not know what overheads are required, so if it is too much to ask for, then I accept that. This problem does not only affect ubuntu, but every distribution that uses tools like wpa_supplicant and network-manager. Please let's try to get this issue fixed at the right place: Openssl upstream. I was not trying to overexaggerate, what I meant was enterprise environments which ONLY use EAP-FAST protocol for authenticating to wireless. Without the patch, there doesn't seem to be any other way to get that to work. That is indeed correct. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
It seems that openssl does not have any plans to release this functionailty with 0.9.9 anytime soon. Can we have a alternate version of openssl and wpasupplicant in the repository with the patches applied and the EAP-FAST enabled? (with disclaimers) Then users can choose to manually install the patched openssl and wpasupplicant if they wish to. At least this will give users in enterprise environments a working implementation for wireless. Also you would get more people testing the affects of the patch on openssl. I have used this successfully in my environment (built the openssl and wpa_supplicant from source) and I don't see why it is taking so long for such functionality to be added. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Adrian Quek [EMAIL PROTECTED] writes: It seems that openssl does not have any plans to release this functionailty with 0.9.9 anytime soon. Can you please reference discussion with the openssl folks? I didn't try to reach them myself yet, as I'm not very involved with openssl development. Can we have a alternate version of openssl and wpasupplicant in the repository with the patches applied and the EAP-FAST enabled? (with disclaimers) Then users can choose to manually install the patched openssl and wpasupplicant if they wish to. If we do this, we should add the patch to the source package and build two binary packages, one with the patch and one without. Then we built the wpasupplicant package against the patched one. This means a giant maintanence overhead which I'm not willing to support unless you can clearly point to conversations with upstream that show with what reasons they reject that patch. At least this will give users in enterprise environments a working implementation for wireless. I'm as well online in an enterprise environment without needing that patch. don't overexaggerate. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Any plans for EAP-FAST support to be added to Ubuntu 8.10? I hope this important network feature is added soon, as I see this shortcoming hindering Ubuntu adoption in my neck of the woods. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Stephen Laverty [EMAIL PROTECTED] writes: Why not apply it to the Ubuntu package? This seems like such a major roadblock to adoption. Maily because we are not sure what effects that patch has on other packages using openssl. Have you considered building your own openssl/wpasupplicant packages and try them out? -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
Many of my co-workers and I would love to use Ubuntu at work as I have installed it on my standard-corporate-issue D630 laptop with great success but, like most large companies, we use EAP-FAST with our Cisco WLAN setup. This issue is preventing tens of people around me from switching to Ubuntu and I have to imagine this is a common plight. It's worth noting that this issue has been open for two years now. Do I read the above comment correctly, in that maintainers are waiting for the patch to be introduced into openssl? Why not apply it to the Ubuntu package? This seems like such a major roadblock to adoption. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
it seems to be already reported at openssl upstream by Jouni Malinen (wpasupplicant upstream) here: http://rt.openssl.org/Ticket/Display.html?id=1574user=guestpass=guest I doubt it will make it for hardy, though. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
EAP-FAST support is very important, as it is widely used in Enterprise environments. It is also the authentication mechanism recommended by Cisco who are currently the leading WLAN vendor. When is this bug going to being fixed? In Hardy? -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
I've updated the bug description with the current status, AFAIUI. Having a quick look at the patch, it seems to be that it would break other applications linked to the libssl library. I'm not too sure about this though, someone with more insight wrt libssl should review the patch and negotiate with upstream about its inclusion. I assume that's why this bug is in 'incomplete' state. ** Summary changed: - EAP-FAST not enabled in wpasupplicant + Please apply the EAP-FAST from the wpasupplicant source ** Description changed: - the EAP-FAST protocol is supported by wpasupplicant but it appears the - package isn't built with it enabled. looking in the ubuntu diff file, - it looks like the reason is that this adds a dependancy on openssl since - openssl needs to be patched to support this. is that why this isn't - currently enabled? + In order for properly supporting the EAP-FAST protocol, the openssl + source needs to be patched. + + The EAP-FAST protocol is supported by wpasupplicant, but is currently + blocked by lacking support in the openssl library in ubuntu. -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
The expiration is the thing that bothers me. I suppose we can keep poking it periodically with meaningless comments, but wouldn't a better solution be assigning this bug to someone who can do that negotiation with upstream? -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 34982] Re: Please apply the EAP-FAST from the wpasupplicant source
setting this bug to 'confirmed' so that it won't expire. ** Changed in: openssl (Ubuntu) Status: Incomplete = Confirmed -- Please apply the EAP-FAST from the wpasupplicant source https://bugs.launchpad.net/bugs/34982 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs