Following an upgrade this morning to the latest Wpa_supplicant (v1:2.11-1.fc40), I experienced connectivity issues with my company's wireless network after rebooting the machine. To troubleshoot, I've switched back to debugging from home using my Radius server. WPA-EAP settings: key_mgmt = WPA-EAP eap = TLS" wpa_supplicant 2.11 Successfully initialized wpa_supplicant wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=WORLD wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=WORLD wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=DE p2p-dev-wlp0s20: Channel list changed: 6 GHz was enabled wlp0s20f3: Channel list changed: 6 GHz was enabled wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=DE wlp0s20f3: SME: Trying to authenticate with 90:9a:4a:19:e8:e2 (SSID='TP-Link_E8E2' freq=2422 MHz) wlp0s20f3: Trying to associate with 90:9a:4a:19:e8:e2 (SSID='TP-Link_E8E2' freq=2422 MHz) wlp0s20f3: Associated with 90:9a:4a:19:e8:e2 wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 SSL: Configuration uses engine, but engine support was not compiled in TLS: Failed to load private key TLS: Failed to set TLS connection parameters EAP-TLS: Failed to initialize SSL. wlp0s20f3: CTRL-REQ-PASSPHRASE-0:Private key passphrase needed for SSID TP-Link_E8E2 wlp0s20f3: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) wpa_supplicant 2.10 Successfully initialized wpa_supplicant wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=WORLD wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=DE wlp0s20f3: SME: Trying to authenticate with 90:9a:4a:19:e8:e2 (SSID='TP-Link_E8E2' freq=2422 MHz) wlp0s20f3: Trying to associate with 90:9a:4a:19:e8:e2 (SSID='TP-Link_E8E2' freq=2422 MHz) wlp0s20f3: Associated with 90:9a:4a:19:e8:e2 wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin/CN=Example Certificate Authority' hash=d9e7cdec0df3c5ec2c1d706c54ee77bec097c38bd7e68c29ba6b461eb50a1cf3 wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin' hash=a1fdec476e25978f18dc2cd6b9edd3a5b6a37ac0cfd6ca18cb7fdf43a9bb1911 wlp0s20f3: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully wlp0s20f3: PMKSA-CACHE-ADDED 90:9a:4a:19:e8:e2 0 wlp0s20f3: WPA: Key negotiation completed with 90:9a:4a:19:e8:e2 [PTK=CCMP GTK=TKIP] wlp0s20f3: CTRL-EVENT-CONNECTED - Connection to 90:9a:4a:19:e8:e2 completed [id=0 id_str=] network={ ssid="TP-Link_E8E2" key_mgmt=WPA-EAP eap=TLS identity="user01" ca_cert="/etc/pki/SSID/ca.pem" client_cert="/etc/pki/SSID/client.crt" private_key="pkcs11:model=%01%01%04%00%02%01%02%00%00%00%00%00%00%00%00%00;manufacturer=STMicro;serial=0000000000000000;token=LABEL;id=%34%61%63%33%62%62%39%66%30%64%31%66%30%65%63%30;object=KEY_LABEL;type=private;pin-value=userpin" } Reproducible: Always Expected Results: It should connect just like 2.10
The issue is not caused by 2.11 the problem is with. -DOPENSSL_NO_ENGINE
Related to the changes for https://bugzilla.redhat.com/show_bug.cgi?id=2301368 "Disable OpenSSL ENGINE API (#2301368)"?
There is almost no information in that ticket. Can you explain the reason as this impacts eap-tls which impacts PKCS#11 URLs from loading.
If we look at https://src.fedoraproject.org/rpms/wpa_supplicant/c/69ec267e7616f96ca9442ee84b5cf736de3735a8 (way down at the bottom) there was `-DOPENSSL_NO_ENGINE` explicitly added and referencing that FTBFS ticket. This was likely caused by https://src.fedoraproject.org/rpms/openssl/c/e67e9d9c40cd2cb9547e539c658e2b63f2736762 and moving the engine support to subpackage. If we need to re-enable engine support for now, the wpa_supplicant package will just need to BR this new subpackage.
Thank you! I'll give it a try. It's unfortunate that this wasn't available alongside wpa_supplicant 2.11
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/H3OOWA43BGEBTSM2GRBYDN3SLUTETFL5/ for context on the openssl engine change.
@traxtopel the easiest "fix" right now is to just downgrade to the 2.10 package while this gets sorted out.
I'm not certain if this information is useful, but I downloaded version 3.2.2-5 from Koji and rebuilt it on Fedora 40. Here are the installed components: openssl-libs-3.2.2-5.fc40.x86_64 openssl-3.2.2-5.fc40.x86_64 openssl-devel-3.2.2-5.fc40.x86_64 openssl-perl-3.2.2-5.fc40.x86_64 openssl-devel-engine-3.2.2-5.fc40.x86_64 Still see the same message. Wondering how I meant to load PKCS#11 URLs using wpa_supplicant. SSL: Configuration uses engine, but engine support was not compiled in TLS: Failed to load private key TLS: Failed to set TLS connection parameters EAP-TLS: Failed to initialize SSL.
wpa_supplicant might need to be rebuilt with the engine enabled. Can you confirm that wpa_supplicant-2.10-10.fc40 (https://koji.fedoraproject.org/koji/buildinfo?buildID=2406268) works fine in your environment?
I can confirm that wpa_supplicant-2.10-10.fc40.x86_64 functions properly in our environment. Multiple users have successfully downgraded, restarted the wpa_supplicant service, and regained connectivity.
@traxtopel If you could test https://koji.fedoraproject.org/koji/taskinfo?taskID=121577671 when it's finished building that will confirm this issue only has to do with openssl engine being disabled. Thanks.
The build failed. I'll diagnose and do another one when I find a free cycle.
I understand why it's failing: there is no f40 openssl-devel-engine available. I downloaded your wpa_supplicant-2.11-3.fc40.src.rpm and rebuilt it locally, which resolved the issue. The key change was removing DOPENSSL_NO_ENGINE, allowing the PKCS#11 engine to be detected/used again. Hope this pushed as an update until another solution can be found.
https://koji.fedoraproject.org/koji/taskinfo?taskID=121584354 has the BR removed conditionally for F40. There might be some additional cleanup needed with this new openssl packaging strategy that can be done after this issue is resolved. https://src.fedoraproject.org/rpms/wpa_supplicant/pull-request/26 submitted to propose re-enabling.
I tried it a while ago and unfortunately for me with wpa_supplicant-2.11-3.fc40.x86_64 (https://koji.fedoraproject.org/koji/taskinfo?taskID=121584474) the problem remains unsolved. Security is usual WPA/WPA2 personal I downgraded to 2.10-10 System log with 2.11-2 19:12:45 wpa_supplicant: wlp5s0: CTRL-EVENT-SCAN-FAILED ret=-22 19:11:33 NetworkManager: <info> [1722960693.9828] device (wlp5s0): supplicant interface state: disconnected -> inactive 19:11:33 wpa_supplicant: wlp5s0: CTRL-EVENT-SCAN-FAILED ret=-22 19:11:33 NetworkManager: <info> [1722960693.6809] device (wlp5s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') 19:11:33 wpa_supplicant: wlp5s0: CTRL-EVENT-DSCP-POLICY clear_all 19:11:33 NetworkManager: <info> [1722960693.6805] device (wlp5s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed') 19:11:32 wpa_supplicant: wlp5s0: CTRL-EVENT-SCAN-FAILED ret=-22 retry=1 19:11:07 NetworkManager: <info> [1722960667.9492] device (wlp5s0): Activation: (wifi) connection 'WF-AP-5GHz' has security, and secrets exist. No new secrets needed. 19:11:07 NetworkManager: <info> [1722960667.9491] device (wlp5s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') 19:11:07 NetworkManager: <info> [1722960667.9489] device (wlp5s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed') 19:11:07 NetworkManager: <info> [1722960667.9485] device (wlp5s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed') 19:11:07 NetworkManager: <info> [1722960667.9485] device (wlp5s0): Activation: (wifi) access point 'WF-AP-5GHz' has security, but secrets are required. 19:11:07 NetworkManager: <info> [1722960667.9483] device (wlp5s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') 19:11:07 NetworkManager: <info> [1722960667.9476] device (wlp5s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') 19:11:07 NetworkManager: <info> [1722960667.9475] device (wlp5s0): Activation: starting connection 'WF-AP-5GHz' (2e7425e1-c3ef-426d-997e-497c74e11714) 19:11:04 wpa_supplicant: wlp5s0: CTRL-EVENT-SCAN-FAILED ret=-22 19:10:22 NetworkManager: <info> [1722960622.1409] device (wlp5s0): state change: unavailable -> disconnected (reason 'supplicant-available', sys-iface-state: 'managed') 19:10:22 NetworkManager: <info> [1722960622.1409] device (wlp5s0): supplicant interface state: internal-starting -> disconnected 19:10:22 NetworkManager: <info> [1722960622.0250] device (wlp5s0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external') 19:10:22 NetworkManager: <info> [1722960622.0249] manager: (wlp5s0): new 802.11 Wi-Fi device (/org/freedesktop/NetworkManager/Devices/2) 19:10:22 NetworkManager: <info> [1722960622.0246] device (wlp5s0): driver supports Access Point (AP) mode 19:10:22 NetworkManager: <info> [1722960622.0130] rfkill0: found Wi-Fi radio killswitch (at /sys/devices/pci0000:00/0000:00:01.2/0000:02:00.2/0000:03:07.0/0000:05:00.0/ieee80211/phy0/rfkill0) (driver wl) 19:10:21 NetworkManager: <info> [1722960621.9498] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 20-connectivity-fedora.conf, 22-wifi-mac-addr.conf, 90-broadcom-wl.conf) 19:10:20 kernel: wl 0000:05:00.0 wlp5s0: renamed from eth0 19:10:20 kernel: wl 0000:05:00.0 wlp5s0: renamed from eth0 19:10:20 kernel: wl 0000:05:00.0: enabling device (0000 -> 0002) 19:10:20 kernel: wl_module_init+0x17/0xa0 [wl] 19:10:20 kernel: wl_module_init+0x17/0xa0 [wl] 19:10:20 kernel: ? __UNIQUE_ID_vermagic434+0x523e3f547ebb/0x523e3f547ebb [wl] 19:10:20 kernel: getvar+0x20/0x70 [wl] 19:10:20 kernel: Modules linked in: ... wl(POE+) ... System log with 2.10-10 19:31:38 NetworkManager: <info> [1722961898.6287] dhcp6 (wlp5s0): state changed new lease 19:31:38 avahi-daemon: Withdrawing address record for fe80::9f15:59a1:bf58:5677 on wlp5s0. 19:31:38 NetworkManager: <info> [1722961898.6257] dhcp6 (wlp5s0): activation: beginning transaction (timeout in 45 seconds) 19:31:33 systemd-resolve: wlp5s0: Bus client set DNS server list to: yyy.yyy.yyy.yyy 19:31:33 systemd-resolve: wlp5s0: Bus client set default route setting: yes 19:31:33 avahi-daemon: Registering new address record for xxx.xxx.xxx.xxx on wlp5s0.IPv4. 19:31:33 avahi-daemon: Registering new address record for xxx.xxx.xxx.xxx on wlp5s0.IPv4. 19:31:33 avahi-daemon: New relevant interface wlp5s0.IPv4 for mDNS. 19:31:33 systemd-resolve: wlp5s0: Bus client set search domain list to: net-provider 19:31:33 avahi-daemon: Joining mDNS multicast group on interface wlp5s0.IPv4 with address xxx.xxx.xxx.xxx 19:31:33 NetworkManager: <info> [1722961893.5293] policy: set 'WF-AP-5GHz' (wlp5s0) as default for IPv4 routing and DNS 19:31:33 NetworkManager: <info> [1722961893.5293] policy: set 'WF-AP-5GHz' (wlp5s0) as default for IPv4 routing and DNS 19:31:33 NetworkManager: <info> [1722961893.5290] dhcp4 (wlp5s0): state changed new lease, address=xxx.xxx.xxx.xxx 19:31:33 NetworkManager: <info> [1722961893.3748] dhcp4 (wlp5s0): state changed new lease, address=xxx.xxx.xxx.xxx, acd pending 19:31:33 avahi-daemon: Registering new address record for fe80::9f15:59a1:bf58:5677 on wlp5s0.*. 19:31:33 avahi-daemon: Registering new address record for fe80::9f15:59a1:bf58:5677 on wlp5s0.*. 19:31:33 avahi-daemon: New relevant interface wlp5s0.IPv6 for mDNS. 19:31:33 avahi-daemon: Joining mDNS multicast group on interface wlp5s0.IPv6 with address fe80::9f15:59a1:bf58:5677. 19:31:33 NetworkManager: <info> [1722961893.2943] dhcp4 (wlp5s0): activation: beginning transaction (timeout in 45 seconds) 19:31:33 NetworkManager: <info> [1722961893.2943] dhcp4 (wlp5s0): activation: beginning transaction (timeout in 45 seconds) 19:31:33 NetworkManager: <info> [1722961893.2940] device (wlp5s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') 19:31:33 NetworkManager: <info> [1722961893.2583] device (wlp5s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "WF-AP-5GHz" 19:31:33 NetworkManager: <info> [1722961893.2583] device (wlp5s0): supplicant interface state: associating -> completed 19:31:33 wpa_supplicant: wlp5s0: CTRL-EVENT-CONNECTED - Connection to ac:84:c6:95:4d:ed completed [id=0 id_str=] 19:31:33 wpa_supplicant: wlp5s0: CTRL-EVENT-CONNECTED - Connection to ac:84:c6:95:4d:ed completed [id=0 id_str=] 19:31:33 wpa_supplicant: wlp5s0: WPA: Key negotiation completed with ac:84:c6:95:4d:ed [PTK=CCMP GTK=TKIP] 19:31:33 wpa_supplicant: wlp5s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 19:31:33 wpa_supplicant: wlp5s0: Associated with ac:84:c6:95:4d:ed 19:31:33 NetworkManager: <info> [1722961893.1697] device (wlp5s0): supplicant interface state: disconnected -> associating 19:31:33 wpa_supplicant: wlp5s0: Trying to associate with ac:84:c6:95:4d:ed (SSID='WF-AP-5GHz' freq=5220 MHz) 19:31:33 wpa_supplicant: wlp5s0: Trying to associate with ac:84:c6:95:4d:ed (SSID='WF-AP-5GHz' freq=5220 MHz) 19:31:33 wpa_supplicant: wlp5s0: WPS-CANCEL 19:31:33 NetworkManager: <info> [1722961893.1592] device (wlp5s0): Activation: (wifi) connection 'WF-AP-5GHz' has security, and secrets exist. No new secrets needed. 19:31:33 NetworkManager: <info> [1722961893.1590] device (wlp5s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') 19:31:33 wpa_supplicant: wlp5s0: CTRL-EVENT-SCAN-FAILED ret=-22 retry=1 19:31:33 NetworkManager: <info> [1722961893.1589] device (wlp5s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed') 19:31:33 NetworkManager: <info> [1722961893.1584] sup-iface[95955dfa455bbbfd,0,wlp5s0]: wps: type pbc start... 19:31:33 NetworkManager: <info> [1722961893.1584] device (wlp5s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed') 19:31:33 NetworkManager: <info> [1722961893.1584] device (wlp5s0): Activation: (wifi) access point 'WF-AP-5GHz' has security, but secrets are required. 19:31:33 NetworkManager: <info> [1722961893.1582] device (wlp5s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') 19:31:33 NetworkManager: <info> [1722961893.1579] device (wlp5s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') 19:31:33 NetworkManager: <info> [1722961893.1579] device (wlp5s0): Activation: starting connection 'WF-AP-5GHz' (2e7425e1-c3ef-426d-997e-497c74e11313) 19:31:31 NetworkManager: <info> [1722961891.1990] device (wlp5s0): state change: unavailable -> disconnected (reason 'supplicant-available', sys-iface-state: 'managed') 19:31:31 NetworkManager: <info> [1722961891.1990] device (wlp5s0): supplicant interface state: internal-starting -> disconnected 19:31:30 NetworkManager: <info> [1722961890.9370] device (wlp5s0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external') 19:31:30 NetworkManager: <info> [1722961890.9369] manager: (wlp5s0): new 802.11 Wi-Fi device (/org/freedesktop/NetworkManager/Devices/2) 19:31:30 NetworkManager: <info> [1722961890.9366] device (wlp5s0): driver supports Access Point (AP) mode 19:31:30 NetworkManager: <info> [1722961890.9234] rfkill0: found Wi-Fi radio killswitch (at /sys/devices/pci0000:00/0000:00:01.2/0000:02:00.2/0000:03:07.0/0000:05:00.0/ieee80211/phy0/rfkill0) (driver wl) 19:31:30 NetworkManager: <info> [1722961890.8692] Read config: /etc/NetworkManager/NetworkManager.conf (lib: 20-connectivity-fedora.conf, 22-wifi-mac-addr.conf, 90-broadcom-wl.conf) 19:31:28 kernel: wl 0000:05:00.0 wlp5s0: renamed from eth0 19:31:28 kernel: wl 0000:05:00.0 wlp5s0: renamed from eth0 19:31:28 kernel: wl 0000:05:00.0: enabling device (0000 -> 0002) 19:31:28 kernel: wl_module_init+0x17/0xa0 [wl] 19:31:28 kernel: wl_module_init+0x17/0xa0 [wl] 19:31:28 kernel: ? __UNIQUE_ID_vermagic434+0x4412bf5a7ebb/0x4412bf5a7ebb [wl] 19:31:28 kernel: getvar+0x20/0x70 [wl] 19:31:28 kernel: Modules linked in: ... wl(POE+) ...
@isgospodinov I'm reporting an issue relating to the PKCS#11 engine, which prevents me from connecting to a WPA-EAP network. However, the issue you are reporting appears to be unrelated to this problem.
(In reply to traxtopel from comment #16) > @isgospodinov I'm reporting an issue relating to the PKCS#11 > engine, which prevents me from connecting to a WPA-EAP network. However, the > issue you are reporting appears to be unrelated to this problem. The problem is one, global and serious wpa_supplicant 2.11 is is broken, there may be many practical dimensions, of course formally speaking you are right. Without being an expert in the details, they look similar enough to me. Please forgive me if I have personal insult you or your judgment in any way. Best regards!
I agree that wpa_supplicant 2.11 for many is broken. Opening a separate bug report might be a good idea, as it'll allow the team to address the issue you are reporting more efficiently.
Let me trust my own judgment. What is most effective, you and I have no way of knowing if we are not aware of the final organization of the team's work. Good shouldn't be a problem unless the goal is to prove something else. :–)
## wpa_supplicant-2.11-1.fc40 is built without openssl support `-DOPENSSL_NO_ENGINE` was added to CFLAGS and CXXFLAGS. we suspect that this breaks all 802.1X setups using EAP-TLS (at least those who use TPM or smartcard backed certificates, like us). Right now, we have reverted to the last 2.10 build, which works. the build flag seems to have been added to fix a FTBFS. a cursory look suggests that wpa_supplicant.spec is missing a `BuildRequires: openssl-devel-engine`, to fix this properly. (see this recent commit: https://src.fedoraproject.org/rpms/openssl/c/e67e9d9c40cd2cb9547e539c658e2b63f2736762?branch=rawhide)
@Paul Steinlechner I've rebuilt wpa_supplicant the mentioned openssl-devel-engine. Unfortunately, it didn't resolve it for me. See https://bugzilla.redhat.com/show_bug.cgi?id=2303165#c8
(In reply to isgospodinov from comment #19) > Let me trust my own judgment. > What is most effective, you and I have no way of knowing if we are not aware > of the final organization of the team's work. > Good shouldn't be a problem unless the goal is to prove something else. :–) Understandable that we can't know the full impact without seeing the final organization of the team's work. However, I'm not trying to prove anything, just pointing out what seems like an inconsistency or potential problem. Look at bug report https://bugzilla.redhat.com/show_bug.cgi?id=2302577 would appear closer to the issue you see.
(In reply to traxtopel from comment #22) > (In reply to isgospodinov from comment #19) > > Let me trust my own judgment. > > What is most effective, you and I have no way of knowing if we are not aware > > of the final organization of the team's work. > > Good shouldn't be a problem unless the goal is to prove something else. :–) > > Understandable that we can't know the full impact without seeing the final > organization of the team's work. However, I'm not trying to prove anything, > just pointing out what seems like an inconsistency or potential problem. > Look at bug report https://bugzilla.redhat.com/show_bug.cgi?id=2302577 would > appear closer to the issue you see. Just kidding If it's possible ... unpack current stable 2.10-10 modify it as 20.100-1(for example) repack and install you won't have a problem for at least another two months
I'd appreciate an update on the decision to re-enable the OpenSSL engine. I'm more than happy to test the legacy solution once it's available.
hello, for f41 and later openssl3 engines need to be replaced by openssl3 providers _ for sure they need to be disabled (see https://discussion.fedoraproject.org/t/f41-change-proposal-openssl-deprecate-engine-system-wide/111344). For f40, we can still use 2.11 and keep them enabled. Just reverting the 2 -DOPENSSL_NO_ENGINE lines should suffice, the FTBFS error just affects f41 in my understanding
https://src.fedoraproject.org/fork/dcaratti/rpms/wpa_supplicant/c/8ef2ab537071dcec457e235b6cd0a481084dfe93?branch=re-enable-openssl-engine-f40 is the new proposed fix to be merged only for F40. I closed my PR proposal to just re-enable the engine for all releases. https://koji.fedoraproject.org/koji/taskinfo?taskID=121750362 is a test build. Davide, Do you want me to pester provenpackagers to get this change applied for you or do you intend to do it?
hello, (In reply to Jonathan Steffan from comment #26) > https://src.fedoraproject.org/fork/dcaratti/rpms/wpa_supplicant/c/ > 8ef2ab537071dcec457e235b6cd0a481084dfe93?branch=re-enable-openssl-engine-f40 > is the new proposed fix to be merged only for F40. I closed my PR proposal > to just re-enable the engine for all releases. > https://koji.fedoraproject.org/koji/taskinfo?taskID=121750362 is a test > build. > > Davide, > > Do you want me to pester provenpackagers to get this change applied for you > or do you intend to do it? I will update f40 to version 2.11-3 right now. For f41/rawhide we need to switch wpa_supplicant to use the pkcs11 provider [1] and keep OPENSSL_NO_ENGINE, that will need some further development in the next days. [1] https://packages.fedoraproject.org/pkgs/pkcs11-provider/pkcs11-provider/
FEDORA-2024-8db3b7bb91 (wpa_supplicant-2.11-3.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-8db3b7bb91
FEDORA-2024-8db3b7bb91 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-8db3b7bb91` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-8db3b7bb91 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
The update is functioning correctly against my test lab. A colleague on-site today has also verified that it works with the Enterprise WPA-EAP environment.
FEDORA-2024-8db3b7bb91 (wpa_supplicant-2.11-3.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.