Bug 541924 - Cannot connect to wpa eap-tls network on fedora 12
Cannot connect to wpa eap-tls network on fedora 12
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: wpa_supplicant (Show other bugs)
12
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Dan Williams
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-27 10:49 EST by Fabio Airoldi
Modified: 2010-01-12 10:40 EST (History)
4 users (show)

See Also:
Fixed In Version: 0.6.8-8.fc12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-01-07 16:43:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
wpa_supplicant log using networkmanager (544.15 KB, text/plain)
2009-11-27 10:49 EST, Fabio Airoldi
no flags Details
wpa_supplicant configuration following instructions from my university (382 bytes, application/octet-stream)
2009-11-27 10:50 EST, Fabio Airoldi
no flags Details

  None (edit)
Description Fabio Airoldi 2009-11-27 10:49:33 EST
Created attachment 374241 [details]
wpa_supplicant log using networkmanager

Description of problem:

I can't connect to my university wpa eap-tls network after upgrading to fedora 12.
On fedora 11 I was able to connect to that network with the same .p12 certificate.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. openssl pkcs12 -cacerts -in CertificatoASI.p12 -out asi.pem
2. configure NetworkManager (WPA, TLS, CA=asi.pem, private key=CertificatoASI.p12)
3. connect to network
  
Actual results:

Connection fails with an openssl error

Expected results:

Succesful connection

Additional info:

I also tried using wpa_supplicant directly, conf. file attached
Comment 1 Fabio Airoldi 2009-11-27 10:50:39 EST
Created attachment 374242 [details]
wpa_supplicant configuration following instructions from my university
Comment 2 Tomas Mraz 2009-12-07 12:43:41 EST
In the log I see that the private key load failed. What kind of the private key is that - RSA or DSA? Are you able to extract it out of the pkcs12 file with openssl pkcs12 -in CertificatoASI.p12 -nocerts -out key?
Comment 3 Fabio Airoldi 2009-12-08 09:44:24 EST
I can extract the key with no errors.

I don't know the kind of the key but I think that's RSA. 
Running openssl rsa -in key -text -noout prints information about the key.
Running openssl dsa -in key -text -noout
gives :

read DSA key
Enter pass phrase for key:
unable to load Key
140533299726152:error:06078081:digital envelope routines:EVP_PKEY_get1_DSA:expecting a dsa key:p_lib.c:308:

Don't know if this is useful but running:

openssl pkcs12 -in CertificatoASI.p12 -info -noout

gives me:

Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Sorry, I don't know much about openssl and this stuff but I'll try to provide all the information that you require.
Comment 4 Tomas Mraz 2009-12-08 10:08:22 EST
This looks like the same problem as bug 538851. Although in your case it does not crash. I wonder what is the difference.
Comment 5 Tomas Mraz 2009-12-15 05:17:06 EST
Can you please try the wpa_supplicant patch I've attached to the bug 538851?
Comment 6 Fabio Airoldi 2009-12-16 05:50:39 EST
It works, thank you very much.
Comment 7 Tomas Mraz 2009-12-16 06:01:39 EST
OK, back to wpa_supplicant.
Comment 8 Fedora Update System 2010-01-06 22:59:37 EST
wpa_supplicant-0.6.8-8.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc12
Comment 9 Fedora Update System 2010-01-06 23:00:16 EST
wpa_supplicant-0.6.8-8.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/wpa_supplicant-0.6.8-8.fc11
Comment 10 Fedora Update System 2010-01-07 16:43:42 EST
wpa_supplicant-0.6.8-8.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2010-01-07 16:48:36 EST
wpa_supplicant-0.6.8-8.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Matthias Andree 2010-01-12 10:40:19 EST
Issue is fixed for me on F12.

Note You need to log in before you can comment on or make changes to this bug.