Bug 541924 - Cannot connect to wpa eap-tls network on fedora 12
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wpa_supplicant
Version: 12
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-11-27 15:49 UTC by Fabio Airoldi
Modified: 2010-01-12 15:40 UTC

Fixed In Version: 0.6.8-8.fc12
Doc Type: Bug Fix
Last Closed: 2010-01-07 21:43:46 UTC


Attachments
wpa_supplicant log using networkmanager (544.15 KB, text/plain)
2009-11-27 15:49 UTC, Fabio Airoldi
wpa_supplicant configuration following instructions from my university (382 bytes, application/octet-stream)
2009-11-27 15:50 UTC, Fabio Airoldi

Description Fabio Airoldi 2009-11-27 15:49:33 UTC
Created attachment 374241
wpa_supplicant log using networkmanager

Description of problem:

I can't connect to my university wpa eap-tls network after upgrading to fedora 12.
On fedora 11 I was able to connect to that network with the same .p12 certificate.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. openssl pkcs12 -cacerts -in CertificatoASI.p12 -out asi.pem
2. configure NetworkManager (WPA, TLS, CA=asi.pem, private key=CertificatoASI.p12)
3. connect to network
  
Actual results:

Connection fails with an openssl error

Expected results:

Successful connection

Additional info:

I also tried using wpa_supplicant directly, conf. file attached

Comment 1 Fabio Airoldi 2009-11-27 15:50:39 UTC
Created attachment 374242
wpa_supplicant configuration following instructions from my university

Comment 2 Tomas Mraz 2009-12-07 17:43:41 UTC
In the log I see that the private key load failed. What kind of private key is that - RSA or DSA? Are you able to extract it out of the pkcs12 file with openssl pkcs12 -in CertificatoASI.p12 -nocerts -out key?

Comment 3 Fabio Airoldi 2009-12-08 14:44:24 UTC
I can extract the key with no errors.

I don't know the kind of key, but I think it's RSA.
Running openssl rsa -in key -text -noout prints information about the key.
Running openssl dsa -in key -text -noout
gives:

read DSA key
Enter pass phrase for key:
unable to load Key
140533299726152:error:06078081:digital envelope routines:EVP_PKEY_get1_DSA:expecting a dsa key:p_lib.c:308:

Don't know if this is useful but running:

openssl pkcs12 -in CertificatoASI.p12 -info -noout

gives me:

Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Sorry, I don't know much about openssl and this stuff but I'll try to provide all the information that you require.

Comment 4 Tomas Mraz 2009-12-08 15:08:22 UTC
This looks like the same problem as bug 538851, although in your case it does not crash. I wonder what the difference is.

Comment 5 Tomas Mraz 2009-12-15 10:17:06 UTC
Can you please try the wpa_supplicant patch I've attached to bug 538851?

Comment 6 Fabio Airoldi 2009-12-16 10:50:39 UTC
It works, thank you very much.

Comment 7 Tomas Mraz 2009-12-16 11:01:39 UTC
OK, back to wpa_supplicant.

Comment 8 Fedora Update System 2010-01-07 03:59:37 UTC
wpa_supplicant-0.6.8-8.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc12

Comment 9 Fedora Update System 2010-01-07 04:00:16 UTC
wpa_supplicant-0.6.8-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc11

Comment 10 Fedora Update System 2010-01-07 21:43:42 UTC
wpa_supplicant-0.6.8-8.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2010-01-07 21:48:36 UTC
wpa_supplicant-0.6.8-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Matthias Andree 2010-01-12 15:40:19 UTC
Issue is fixed for me on F12.

