[Bug 969343] Re: Unable to connect to WPA enterprise wireless

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Thu Jun 28 18:12:37 UTC 2012 

On Thu, Jun 28, 2012 at 1:51 PM, Diane Trout <diane at ghic.org> wrote:
[...]
> Would it be too obnoxious to add a configuration option to wpa
> supplicant that allows manually twiddling flags on the
> SSL_set_options(conn->ssl, options); call? Or would it be better to come
> up some test tool that can test the various combinations of extensions
> with 802.1x authentication?

Patches are welcome ;)

However, that's only something I'd change in development release, not
in a stable release.

Setting the options as a parameter seems rather complex though, since
you'd probably have to do that as a value that would then get
bit-shifted to set the appropriate options, and perhaps ORed with the
other options that should be set automatically by the wpasupplicant
code. A big can of worms ;)

As for testing the extensions with 802.1x; the issue you're most
likely to get into is that different vendors support different
extensions with different levels of success, so you're still bound to
run into things that break horribly every once in a while.

Mathieu Trudel-Lapierre <mathieu.tl at gmail.com>
Freenode: cyphermox, Jabber: mathieu.tl at gmail.com
4096R/EE018C93 1967 8F7D 03A1 8F38 732E  FF82 C126 33E1 EE01 8C93

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/969343

Title:
  Unable to connect to WPA enterprise wireless

Status in OEM Priority Project:
  In Progress
Status in OEM Priority Project precise series:
  New
Status in OpenSSL cryptography and SSL/TLS toolkit:
  New
Status in Linux WPA/WPA2/IEEE 802.1X Supplicant:
  In Progress
Status in “openssl” package in Ubuntu:
  Triaged
Status in “wpasupplicant” package in Ubuntu:
  Incomplete
Status in “openssl” source package in Precise:
  Triaged
Status in “wpasupplicant” source package in Precise:
  Incomplete
Status in “openssl” package in Debian:
  New
Status in “openssl” package in Fedora:
  New
Status in “wpasupplicant” package in Fedora:
  Unknown

Bug description:
  Using identical settings as in 11.10, I am unable to make a wpa
  enterprise connection using xubuntu precise beta 2. This is a Lenovo
  X220 with a Centrino Advanced-N 6205 wireless interface. During the
  attempted logon, I am not presented with a certificate to approve,
  although wireless instructions for OSX suggest that I should be.
  However, I never had to approve a certificate when connecting with
  11.10 -- I just ignored the certificate screen and everything worked.

  This seems like the relevant excerpt from syslog:

  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Trying to associate with 00:11:92:3e:79:80 (SSID='Northwestern' freq=2462 MHz)
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: scanning -> associating
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940422] wlan0: authenticated
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940974] wlan0: associate with 00:11:92:3e:79:80 (try 1)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943165] wlan0: RX ReassocResp from 00:11:92:3e:79:80 (capab=0x431 status=0 aid=222)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943174] wlan0: associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Associated with 00:11:92:3e:79:80
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-STARTED EAP authentication started
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: associating -> associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-FAILURE EAP authentication failed
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.969742] wlan0: deauthenticated from 00:11:92:3e:79:80 (Reason: 23)

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: network-manager 0.9.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
  Uname: Linux 3.2.0-20-generic x86_64
  ApportVersion: 2.0-0ubuntu1
  Architecture: amd64
  Date: Fri Mar 30 10:34:13 2012
  IfupdownConfig:
   auto lo
   iface lo inet loopback
  InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=true
   WimaxEnabled=true
  ProcEnviron:
   LANGUAGE=en_US:en
   TERM=xterm
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  RfKill:
   0: phy0: Wireless LAN
   	Soft blocked: no
   	Hard blocked: no
  SourcePackage: network-manager
  UpgradeStatus: No upgrade log present (probably fresh install)
  nmcli-con: Error: command ['nmcli', '-f', 'all', 'con'] failed with exit code 1: Error: Can't obtain connections: settings service is not running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/969343/+subscriptions

More information about the foundations-bugs mailing list