2053231 – [NMCI] 8021x_ttls_mschapv2_eap test fails

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2053231 - [NMCI] 8021x_ttls_mschapv2_eap test fails

Summary: [NMCI] 8021x_ttls_mschapv2_eap test fails

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	wpa_supplicant
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Davide Caratti
QA Contact:	Laura Trivelloni
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-10 18:27 UTC by Vladimir Benes
Modified:	2023-06-05 14:15 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-06-05 14:09:30 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	NMT-595	0	None	None	None	2023-06-05 14:15:45 UTC
Red Hat Issue Tracker	RHELPLAN-111951	0	None	None	None	2022-02-10 18:34:45 UTC

Description Vladimir Benes 2022-02-10 18:27:17 UTC

Description of problem:
https://desktopqe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/beaker-NetworkManager-main-veth-rhel9-upstream/930/artifact/artifacts/FAIL_report_NetworkManager-ci_Test0534_8021x_ttls_mschapv2_eap.html
 
and a few other tests are failing when trying to switch to legacy OpenSSL provider

wpa log:
-- Journal begins at Thu 2022-02-03 13:57:46 EST, ends at Thu 2022-02-03 16:15:41 EST. --
1643922915.742051 wpa_supplicant[49622]: test8X: Associated with 01:80:c2:00:00:03
1643922915.742057 wpa_supplicant[49622]: test8X: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
1643922917.742495 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-STARTED EAP authentication started
1643922917.742730 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
1643922917.743033 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
1643922917.743611 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
1643922917.748273 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=CZ/ST=Jihomoravsky kraj/L=Brno/O=Red Hat Czech/OU=DesktopQE/CN=Red Hat CA' hash=03315e2b561b8c6f64b66fa0b19a2c93949e09387e405df94448c7a5a9ff2abc
1643922917.748551 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=CZ/ST=Jihomoravsky kraj/O=Red Hat Czech/OU=DesktopQE/CN=*.redhat.com' hash=8fc62a13ebd2abc2f4184358014e8cab2434eb7143c5d39aa0027a2f530b5a14
1643922917.749798 wpa_supplicant[49622]: OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported
1643922917.749801 wpa_supplicant[49622]: EAP-MSCHAPV2: Failed to derive response
1643922917.749803 wpa_supplicant[49622]: EAP-TTLS: Phase2 Request processing failed
1643922917.749806 wpa_supplicant[49622]: test8X: CTRL-EVENT-EAP-FAILURE EAP authentication failed
1643922941.079207 wpa_supplicant[49622]: test8X: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
1643922941.079212 wpa_supplicant[49622]: test8X: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=AUTH_FAILED
1643922941.079272 wpa_supplicant[49622]: test8X: CTRL-EVENT-DSCP-POLICY clear_all
1643922941.079564 wpa_supplicant[49622]: test8X: CTRL-EVENT-DSCP-POLICY clear_all
1643922941.098152 wpa_supplicant[49622]: test8X: CTRL-EVENT-DSCP-POLICY clear_all

what is interesting is that it only happens using one of these machines:
Dell Inc. XPS 8930 (0859)
Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
16384 MB memory, 1000 GB disk space

when I add legacy provider manually it works well:
sed '-i.bak' s/'^##'/''/g /etc/pki/tls/openssl.cnf
systemctl restart wpa_supplicant
[root@machine]# openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.1
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.1
    status: active

Version-Release number of selected component (if applicable):
wpa_supplicant-2.10-1.el9.x86_64
hostapd-2.10-1.el9.x86_64

How reproducible:
always

Steps to Reproduce:
1. clone NMCI repo and run the test on the HW mentioned above
2. git clone https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci
3. run ./test_run.sh 8021x_ttls_mschapv2_eap

Actual results:
FAIL

Expected results:
successful connect

Additional info:

Comment 4 Davide Caratti 2023-01-20 10:28:21 UTC

hi @vbenes, based on the analysis we did few weeks ago, can you confirm that the reported failures are due to "foreign" EAPOL messages coming fromn other machines in the same setup? I'm asking because I suspect that it's also the root cause for what David observed in bz2083565. Thanks!

Comment 5 Vladimir Benes 2023-06-05 14:09:30 UTC

(In reply to Davide Caratti from comment #4)
> hi @vbenes, based on the analysis we did few weeks ago, can you confirm that
> the reported failures are due to "foreign" EAPOL messages coming fromn other
> machines in the same setup? I'm asking because I suspect that it's also the
> root cause for what David observed in bz2083565. Thanks!

I agree, let's close this

Note You need to log in before you can comment on or make changes to this bug.