[pkg-wpa-devel] Bug#668612: wpasupplicant: ssl bad certificate

Luis Fernando Llana Díaz luis at ramonvazquez.net
Fri Apr 13 13:12:02 UTC 2012 

Package: wpasupplicant
Version: 0.7.3-6
Severity: normal

Dear Maintainer,
  I have just installed Debian Wheezy. So far, the only important thing
that does not work is the Eduroam connection in my institution. It has
always worked in the previous versions. This is the configuration file
I have always used:




ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1

network={
	ssid="eduroam"
	#proto=WPA
	key_mgmt=WPA-EAP
	pairwise=CCMP TKIP
	group=CCMP TKIP
	eap=TTLS
	phase1="peaplabel=0"
	phase2="auth=PAP"
	identity="XXX at sip.ucm.es"
	anonymous_identity="anonymous at ucm.es"
	password="XXXXXX"
#	ca_cert="/etc/cert/ca.pem"
	priority=2
}

Let us note that the ca_cert entry is commented since it is not used in
my institution. This is the error I get when I try to connect:

Trying to associate with 00:1f:45:e4:e2:d1 (SSID=3D'eduroam' freq=3D5200
MH=
z)
Associated with 00:1f:45:e4:e2:d1
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=3D0 method=3D21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
SSL: SSL3 alert: read (remote end reported an error):fatal:bad
certificate
OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL
routines:SSL3_R=
EAD_BYTES:sslv3 alert bad certificate
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Authentication with 00:1f:45:e4:e2:d1 timed out.


=20=20

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (650, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=3Des_ES.UTF-8, LC_CTYPE=3Des_ES.UTF-8 (charmap=3DUTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wpasupplicant depends on:
ii  adduser           3.113+nmu1
ii  initscripts       2.88dsf-22.1
ii  libc6             2.13-27
ii  libdbus-1-3       1.5.12-1
ii  libnl-3-200       3.2.7-2
ii  libnl-genl-3-200  3.2.7-2
ii  libpcsclite1      1.8.3-2
ii  libreadline6      6.2-8
ii  libssl1.0.0       1.0.1-4
ii  lsb-base          4.1+Debian0

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
pn  wpagui                    <none>

-- no debconf information

More information about the Pkg-wpa-devel mailing list