Bug 541924 - Cannot connect to wpa eap-tls network on fedora 12
Summary: Cannot connect to wpa eap-tls network on fedora 12
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wpa_supplicant
Version: 12
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-27 15:49 UTC by Fabio Airoldi
Modified: 2010-01-12 15:40 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2010-01-07 21:43:46 UTC


Attachments (Terms of Use)
wpa_supplicant log using networkmanager (544.15 KB, text/plain)
2009-11-27 15:49 UTC, Fabio Airoldi
no flags Details
wpa_supplicant configuration following instructions from my university (382 bytes, application/octet-stream)
2009-11-27 15:50 UTC, Fabio Airoldi
no flags Details

Description Fabio Airoldi 2009-11-27 15:49:33 UTC
Created attachment 374241 [details]
wpa_supplicant log using networkmanager

Description of problem:

I can't connect to my university wpa eap-tls network after upgrading to fedora 12.
On fedora 11 I was able to connect to that network with the same .p12 certificate.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. openssl pkcs12 -cacerts -in CertificatoASI.p12 -out asi.pem
2. configure NetworkManager (WPA, TLS, CA=asi.pem, private key=CertificatoASI.p12)
3. connect to network
  
Actual results:

Connection fails with an openssl error

Expected results:

Succesful connection

Additional info:

I also tried using wpa_supplicant directly, conf. file attached

Comment 1 Fabio Airoldi 2009-11-27 15:50:39 UTC
Created attachment 374242 [details]
wpa_supplicant configuration following instructions from my university

Comment 2 Tomas Mraz 2009-12-07 17:43:41 UTC
In the log I see that the private key load failed. What kind of the private key is that - RSA or DSA? Are you able to extract it out of the pkcs12 file with openssl pkcs12 -in CertificatoASI.p12 -nocerts -out key?

Comment 3 Fabio Airoldi 2009-12-08 14:44:24 UTC
I can extract the key with no errors.

I don't know the kind of the key but I think that's RSA. 
Running openssl rsa -in key -text -noout prints information about the key.
Running openssl dsa -in key -text -noout
gives :

read DSA key
Enter pass phrase for key:
unable to load Key
140533299726152:error:06078081:digital envelope routines:EVP_PKEY_get1_DSA:expecting a dsa key:p_lib.c:308:

Don't know if this is useful but running:

openssl pkcs12 -in CertificatoASI.p12 -info -noout

gives me:

Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Sorry, I don't know much about openssl and this stuff but I'll try to provide all the information that you require.

Comment 4 Tomas Mraz 2009-12-08 15:08:22 UTC
This looks like the same problem as bug 538851. Although in your case it does not crash. I wonder what is the difference.

Comment 5 Tomas Mraz 2009-12-15 10:17:06 UTC
Can you please try the wpa_supplicant patch I've attached to the bug 538851?

Comment 6 Fabio Airoldi 2009-12-16 10:50:39 UTC
It works, thank you very much.

Comment 7 Tomas Mraz 2009-12-16 11:01:39 UTC
OK, back to wpa_supplicant.

Comment 8 Fedora Update System 2010-01-07 03:59:37 UTC
wpa_supplicant-0.6.8-8.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc12

Comment 9 Fedora Update System 2010-01-07 04:00:16 UTC
wpa_supplicant-0.6.8-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc11

Comment 10 Fedora Update System 2010-01-07 21:43:42 UTC
wpa_supplicant-0.6.8-8.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2010-01-07 21:48:36 UTC
wpa_supplicant-0.6.8-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Matthias Andree 2010-01-12 15:40:19 UTC
Issue is fixed for me on F12.


Note You need to log in before you can comment on or make changes to this bug.