eapol_test failed, please help
I ran the following test on my Red Hat (Fedora 6) server to test eap-tls (after I started radiusd):

./eapol_test -c ../network -a 127.0.0.1 -p1812 -s secret -r 1

It failed after some handshake with the server:

...
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=213) - Flags 0x80
SSL: TLS Message Length: 1227
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: Certificate verification failed, error 18 (self signed certificate) depth 0 for '/C=US/ST=California/L=Oak Park/O=Jins Company/OU=Engineering/CN=jinlu/[EMAIL PROTECTED]'
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
SSL: (where=0x1002 ret=0x)
SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The configuration is

network={
    ssid=roofnet
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert=/etc/pki/CA/cacert.pem
    identity=jinlu
    client_cert=/etc/pki/tls/misc/cert-clt.pem
    private_key=/etc/pki/tls/misc/cert-key.pem
    private_key_passwd=..
}

where the certificates are created based on a standard procedure.

Could someone shed some light on the problem (unknown CA...)? Thanks in advance for your help.

For your information, I include the long test output in the following (after removing some lines).
--
[EMAIL PROTECTED] wpa_supplicant-0.5.8]# ./eapol_test -c ../network -a127.0.0.1 -p1812 -s secret -r 1
Reading configuration file '../network'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=7):
     72 6f 6f 66 6e 65 74   roofnet
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
ca_cert - hexdump_ascii(len=22):
     2f 65 74 63 2f 70 6b 69 2f 43 41 2f 63 61 63 65   /etc/pki/CA/cace
     72 74 2e 70 65 6d   rt.pem
identity - hexdump_ascii(len=5):
     6a 69 6e 6c 75   jinlu
client_cert - hexdump_ascii(len=30):
     2f 65 74 63 2f 70 6b 69 2f 74 6c 73 2f 6d 69 73   /etc/pki/tls/mis
     63 2f 63 65 72 74 2d 63 6c 74 2e 70 65 6d   c/cert-clt.pem
private_key - hexdump_ascii(len=30):
     2f 65 74 63 2f 70 6b 69 2f 74 6c 73 2f 6d 69 73   /etc/pki/tls/mis
     63 2f 63 65 72 74 2d 6b 65 79 2e 70 65 6d   c/cert-key.pem
private_key_passwd - hexdump_ascii(len=8):
     --- line omitted ---
Priority group 0
   id=0 ssid='roofnet'
Authentication server 127.0.0.1:1812
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=5):
     6a 69 6e 6c 75   jinlu
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=10)
TX EAP - RADIUS - hexdump(len=10): 02 00 00 0a 01 6a 69 6e 6c 75
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=5): 6a 69 6e 6c 75
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=118
   Attribute 1 (User-Name) length=7
      Value: 'jinlu'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=12
      Value: 02 00 00 0a 01 6a 69 6e 6c 75
   Attribute 80 (Message-Authenticator) length=18
      Value: 4d 62 5a c4 38 ed f1 b8 7a 98 48 67 4b 37 64 57
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=64
   Attribute 79 (EAP-Message) length=8
      Value: 01 01 00 06 0d 20
   Attribute 80 (Message-Authenticator) length=18
      Value:

Problem with Self-Signed certificate and wpa_supplicant
Hi,

I have a problem with self assigned certificate when using wpa_supplicant, as (exactly) described in the attached old message in this forum. I wonder if anybody can shed some light on it.

Here is what I tried to solve it, but without any luck:

* find OPENSSLDIR (openssl version -d)
* put the self signed certificate (cacert.pem) in $OPENSSLDIR/certs
* create the hash-based symlink using some script
* then I do openssl verify cacert.pem, and got ok

Despite the above, I still get

TLS: Certificate verification failed, error 18 (self signed certificate) depth 0 for '/C=US/ST= .. .'
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA

** old message *

Problem with Self-Signed certificate and wpa_supplicant
by Philippe Vachon Jun 23, 2005; 08:52am

Hello All.

I've been trying to set up WPA security on my network. As such, I have been generating my own root and server certificate, and signing my client certificates with said root certificate. However, for some reason, whenever I try to use the certificates with wpa_supplicant, I get the following errors:

TLS: Certificate verification failed, error 18 (self signed certificate) depth 0 for '/C=CA/O=Radialink/CN=RADIUS'
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
SSL: (where=0x1002 ret=0x)
SSL: SSL_connect:error in SSLv3 read server certificate B
SSL: SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

whenever I try to authenticate. I am reasonably certain there is no problem with my FreeRADIUS configuration; however, I suspect there might be a problem with my root certificate based on this error. Is anybody able to shed any light on this for me?

Thanks,
Phil.

--
View this message in context: http://www.nabble.com/Problem-with-Self-Signed-certificate-and-wpa_supplicant-tf4270305.html#a12154183
Sent from the OpenSSL - User mailing list archive at Nabble.com.
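
Added example, not part of either post: OpenSSL verify error 18 at depth 0, as in the logs above, means the certificate being checked is its own issuer and is not among the trusted certificates. The script below builds a throwaway PKI (every subject and file name is constructed) and shows that a root verifying OK against itself says nothing about whether a given server certificate chains to it.

```shell
#!/bin/sh
# Constructed demo PKI: every subject name and file name here is made up.
set -e

make_demo_pki() {            # $1 = existing empty directory
    # Self-signed root CA: the kind of file ca_cert= is meant to hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    # Server certificate issued (signed) by that root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius-issued" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/srv-issued.pem" 2>/dev/null
    # Server certificate that is itself self-signed, unrelated to the root.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=radius-self" \
        -keyout "$1/self.key" -out "$1/srv-self.pem" 2>/dev/null
}

# Prints "ok" if certificate $2 verifies against CA file $1,
# otherwise the first OpenSSL verify error number (18 = self-signed leaf).
verify_against() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1 || true)
    err=$(printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1)
    if [ -n "$err" ]; then echo "$err"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo ok
    else echo failed; fi
}

# Prints "self" when issuer and subject are identical, else "issued".
issuer_kind() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$s" = "$i" ]; then echo self; else echo issued; fi
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "root vs itself:      $(verify_against "$d/ca.pem" "$d/ca.pem")"
    echo "issued server cert:  $(verify_against "$d/ca.pem" "$d/srv-issued.pem") ($(issuer_kind "$d/srv-issued.pem"))"
    echo "self-signed server:  $(verify_against "$d/ca.pem" "$d/srv-self.pem") ($(issuer_kind "$d/srv-self.pem"))"
    rm -rf "$d"
}
demo
```

Running `issuer_kind` and `verify_against` on the certificate file the RADIUS server is actually configured to present, with the supplicant's `ca_cert` file as the CA, applies the same check to a real setup.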