Description of problem: In Fedora26 EAP-TLS seems to be broken with the current version of the wpa_supplicant (wpa_supplicant-2.6-7.fc26.x86_64) and openssl (openssl-libs-1.1.0f-3.fc26.x86_64) Version-Release number of selected component (if applicable): wpa_supplicant-2.6-7.fc26.x86_64 openssl-libs-1.1.0f-3.fc26.x86_64 How reproducible: 100% Steps to Reproduce: 1. have a network which requires EAP-TLS (in my case it was LAN) 2. configure the certificates 3. try to connect to the network Actual results: Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7303] device (enp0s25): Activation: starting connection 'enp0s25' (ea23754a-e091-37ee-8167-3ee3b7a06a1b) Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7311] audit: op="connection-activate" uuid="ea23754a-e091-37ee-8167-3ee3b7a06a1b" name="enp0s25" pid=1683 uid=1000 result="success" Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7312] device (enp0s25): state change: disconnected -> prepare (reason 'none') [30 40 0] Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7314] manager: NetworkManager state is now CONNECTING Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7317] device (enp0s25): state change: prepare -> config (reason 'none') [40 50 0] Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7325] device (enp0s25): Activation: (ethernet) connection 'enp0s25' has security, but secrets are required. Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7325] device (enp0s25): state change: config -> need-auth (reason 'none') [50 60 0] Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7713] device (enp0s25): state change: need-auth -> prepare (reason 'none') [60 40 0] Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7721] device (enp0s25): state change: prepare -> config (reason 'none') [40 50 0] Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7731] device (enp0s25): Activation: (ethernet) connection 'enp0s25' requires no security. No secrets needed. Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7986] device (enp0s25): supplicant interface state: starting -> ready Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7986] Config: added 'key_mgmt' value 'IEEE8021X' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7986] Config: added 'eapol_flags' value '0' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7987] Config: added 'eap' value 'TLS' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7987] Config: added 'fragment_size' value '1266' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7987] Config: added 'ca_cert' value '/home/username/.cert/username_20190227_ca.pem' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7987] Config: added 'private_key' value '/home/username/.cert/username_20190227_key.pem' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7987] Config: added 'private_key_passwd' value '<hidden>' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7988] Config: added 'client_cert' value '/home/username/.cert/username_20190227_cl.pem' Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.7988] Config: added 'identity' value 'John Doe' Jun 26 18:57:56 notebook.domain.xy wpa_supplicant[1286]: enp0s25: Associated with 01:80:c2:00:00:03 Jun 26 18:57:56 notebook.domain.xy wpa_supplicant[1286]: WMM AC: Missing IEs Jun 26 18:57:56 notebook.domain.xy wpa_supplicant[1286]: enp0s25: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Jun 26 18:57:56 notebook.domain.xy NetworkManager[1070]: <info> [1498496276.8079] device (enp0s25): supplicant interface state: ready -> associated Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: enp0s25: CTRL-EVENT-EAP-STARTED EAP authentication started Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=43 -> NAK Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: Enter PEM pass phrase: Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0) Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: TLS: Failed to load private key '/home/username/.cert/username_20190227_key.pem' Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: TLS: Failed to set TLS connection parameters Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: EAP-TLS: Failed to initialize SSL. Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: enp0s25: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) Jun 26 18:57:58 notebook.domain.xy wpa_supplicant[1286]: enp0s25: CTRL-EVENT-EAP-FAILURE EAP authentication failed Expected results: This is the successfull login with the same configuration/environment and the cryptomaterial ====== Fedora 25 wpa_supplicant-2.6-1.fc25.x86_64 compiled against openssl-libs-1.0.2k-1.fc25.x86_64 Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6845] device (enp0s25): Activation: starting connection 'INAC2019' (53cd0b31-cf7f-43fa-b2db-ff14548cdb65) Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6851] audit: op="connection-activate" uuid="53cd0b31-cf7f-43fa-b2db-ff14548cdb65" name="INAC2019" pid=12111 uid=1000 result="success" Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6852] device (enp0s25): state change: disconnected -> prepare (reason 'none') [30 40 0] Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6853] manager: NetworkManager state is now CONNECTING Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6862] device (enp0s25): state change: prepare -> config (reason 'none') [40 50 0] Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6872] device (enp0s25): Activation: (ethernet) connection 'INAC2019' has security, but secrets are required. Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.6873] device (enp0s25): state change: config -> need-auth (reason 'none') [50 60 0] Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.7754] device (enp0s25): state change: need-auth -> prepare (reason 'none') [60 40 0] Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.7785] device (enp0s25): state change: prepare -> config (reason 'none') [40 50 0] Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.7798] device (enp0s25): Activation: (ethernet) connection 'INAC2019' requires no security. No secrets needed. Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8312] device (enp0s25): supplicant interface state: starting -> ready Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8312] Config: added 'key_mgmt' value 'IEEE8021X' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8312] Config: added 'eapol_flags' value '0' Jun 26 20:08:37 notebook.domain.xy wpa_supplicant[1707]: enp0s25: Associated with 01:80:c2:00:00:03 Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8312] Config: added 'eap' value 'TLS' Jun 26 20:08:37 notebook.domain.xy wpa_supplicant[1707]: WMM AC: Missing IEs Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8312] Config: added 'fragment_size' value '1266' Jun 26 20:08:37 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8313] Config: added 'ca_cert' value '/home/username/.cert/username_20190227_ca.pem' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8313] Config: added 'private_key' value '/home/username/.cert/username_20190227_key.pem' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8313] Config: added 'private_key_passwd' value '<omitted>' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8313] Config: added 'client_cert' value '/home/username/.cert/username_20190227_cl.pem' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8314] Config: added 'identity' value 'John Doe' Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8320] sup-iface[0x561a29b53360,enp0s25]: config: set interface ap_scan to 0 Jun 26 20:08:37 notebook.domain.xy NetworkManager[1580]: <info> [1498500517.8397] device (enp0s25): supplicant interface state: ready -> associated Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-STARTED EAP authentication started Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=43 -> NAK Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign' hash=cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA SHA256 G2' hash=01fd73ef5e70f526fc9c11f65fe2ee6f7125b3693949227ffd8e459e583c458a Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='redacted ' Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='redacted ' Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:39 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:redacted Jun 26 20:08:40 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully Jun 26 20:08:40 notebook.domain.xy wpa_supplicant[1707]: enp0s25: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=] Jun 26 20:08:40 notebook.domain.xy NetworkManager[1580]: <info> [1498500520.1288] device (enp0s25): supplicant interface state: associated -> completed Jun 26 20:08:40 notebook.domain.xy NetworkManager[1580]: <info> [1498500520.1289] device (enp0s25): Activation: (ethernet) Stage 2 of 5 (Device Configure) successful. Additional info: This is most probably related - same issue on WiFi on the Arch Linux: https://bugs.archlinux.org/task/54233 Configuration used in this: Settings / Network / Wired / Add Profile / INAC2019 Security: 802/1x Security: ON Authentication: TLS Identity: John Doe User certificate: CA certificate: [ ] No CA certificate is required (unchecked) Private key: Private key password: valid (Password used is valid - checked with "openssl rsa -in /home/username/.cert/username_20190227_key.pem")
Getting similar error for the WiFi authenticated with user certificate (EAP-TLS). I guess it is the same issue.
I can confirm that the patch https://bugs.archlinux.org/task/54233?getfile=15295 from the Archlinux https://bugs.archlinux.org/task/54233 works for the EAP-TLS over the wired network cable. For some reason the patch doesn't help with the WiFi network requesting EAP-TLS.
Relevant bug in the openssl - https://github.com/openssl/openssl/issues/3594
(In reply to Michal Ambroz from comment #2) > For some reason the patch doesn't help with the WiFi network requesting > EAP-TLS. Hi, can you please attach logs for the failing wifi connection attempt? Thanks!
Posted patch upstream: http://lists.infradead.org/pipermail/hostap/2017-June/037739.html
(In reply to Beniamino Galvani from comment #4) > (In reply to Michal Ambroz from comment #2) > > For some reason the patch doesn't help with the WiFi network requesting > > EAP-TLS. > > Hi, can you please attach logs for the failing wifi connection attempt? > Thanks! Hello Beniamino, the log for the Wifi + EAP-TLS failing looks the same as for LAN EAP-TLS - it claims it is not possible to load the private key (although, when patched, the same private key is used for the LAN EAP-TLS access and that works). I have not checked the wpa_supplicant code yet, but I would guess the same patch might be required on more places. Michal Ambroz ====== here goes the log ================================================== Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6547] device (atheros0): Activation: (wifi) connection 'TEST_WIFI' has security, and secrets exist. No new secrets needed. Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6547] Config: added 'ssid' value 'TEST_WIFI' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6547] Config: added 'scan_ssid' value '1' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6547] Config: added 'key_mgmt' value 'WPA-EAP' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6547] Config: added 'eap' value 'TLS' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6548] Config: added 'fragment_size' value '1266' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6548] Config: added 'ca_cert' value '/home/username/.cert/username_20190227_cl.pem' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6548] Config: added 'private_key' value '/home/username/.cert/username_20190227_key.pem' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6548] Config: added 'private_key_passwd' value '<hidden>' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6548] Config: added 'client_cert' value '/home/username/.cert/username_20190227_ca.pem' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6549] Config: added 'identity' value 'John Doe' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6549] Config: added 'bgscan' value 'simple:30:-65:300' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.6549] Config: added 'proactive_key_caching' value '1' Jul 03 15:36:49 notebook.domain.xy NetworkManager[1456]: <info> [1499089009.7577] device (atheros0): supplicant interface state: inactive -> scanning Jul 03 15:36:50 notebook.domain.xy wpa_supplicant[26270]: atheros0: SME: Trying to authenticate with 11:22:33:44:55:66 (SSID='TEST_WIFI' freq=2462 MHz) Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: authenticate with 11:22:33:44:55:66 Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: send auth to 11:22:33:44:55:66 (try 1/3) Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: authenticated Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: Trying to associate with 11:22:33:44:55:66 (SSID='TEST_WIFI' freq=2462 MHz) Jul 03 15:36:51 notebook.domain.xy NetworkManager[1456]: <info> [1499089011.2341] device (atheros0): supplicant interface state: scanning -> authenticating Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: associate with 11:22:33:44:55:66 (try 1/3) Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: RX AssocResp from 11:22:33:44:55:66 (capab=0x431 status=0 aid=2) Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: associated Jul 03 15:36:51 notebook.domain.xy NetworkManager[1456]: <info> [1499089011.2520] device (atheros0): supplicant interface state: authenticating -> associating Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: Associated with 11:22:33:44:55:66 Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-EAP-STARTED EAP authentication started Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=43 -> NAK Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 Jul 03 15:36:51 notebook.domain.xy NetworkManager[1456]: <info> [1499089011.2844] device (atheros0): supplicant interface state: associating -> associated Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0) Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: TLS: Failed to load private key '/home/username/.cert/username_20190227_key.pem' Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: TLS: Failed to set TLS connection parameters Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: EAP-TLS: Failed to initialize SSL. Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=CZ Jul 03 15:36:51 notebook.domain.xy wpa_supplicant[26270]: atheros0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Jul 03 15:36:51 notebook.domain.xy kernel: atheros0: Limiting TX power to 4 dBm as advertised by 11:22:33:44:55:66 Jul 03 15:36:53 notebook.domain.xy wpa_supplicant[26270]: atheros0: Authentication with 11:22:33:44:55:66 timed out.
Can this be hotfixed please? It breaks 802.1x on wired connections as well so upgrading kicks systems off of secured networks. I've applied the upstream patch to the RPM and confirmed that it restores wireless connections. Thanks!
(In reply to David Carlson from comment #7) > Can this be hotfixed please? It breaks 802.1x on wired connections as well > so upgrading kicks systems off of secured networks. I've applied the > upstream patch to the RPM and confirmed that it restores wireless > connections. Thanks! Does the patch fix the problem with wired 802.1x connections for you?
(In reply to Beniamino Galvani from comment #8) > Does the patch fix the problem with wired 802.1x connections for you? Yes - confirmed it fixes wired 802.1x on two different systems this morning. -Dave
I can also confirm that archlinux patch fixes this issue.
Looks like this was applied upstream: http://lists.infradead.org/pipermail/hostap/2017-July/037796.html https://w1.fi/cgit/hostap/commit/?id=f665c93e1d28fbab3d9127a8c3985cc32940824f
wpa_supplicant-2.6-8.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3438ec82a
*** Bug 1471728 has been marked as a duplicate of this bug. ***
wpa_supplicant-2.6-8.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3438ec82a
wpa_supplicant-2.6-8.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.