Red Hat Bugzilla – Bug 541924
Cannot connect to wpa eap-tls network on fedora 12
Last modified: 2010-01-12 10:40:19 EST
Created attachment 374241 [details]
wpa_supplicant log using networkmanager
Description of problem:
I can't connect to my university wpa eap-tls network after upgrading to fedora 12.
On fedora 11 I was able to connect to that network with the same .p12 certificate.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. openssl pkcs12 -cacerts -in CertificatoASI.p12 -out asi.pem
2. configure NetworkManager (WPA, TLS, CA=asi.pem, private key=CertificatoASI.p12)
3. connect to network
Connection fails with an openssl error
I also tried using wpa_supplicant directly, conf. file attached
Created attachment 374242 [details]
wpa_supplicant configuration following instructions from my university
In the log I see that the private key load failed. What kind of the private key is that - RSA or DSA? Are you able to extract it out of the pkcs12 file with openssl pkcs12 -in CertificatoASI.p12 -nocerts -out key?
I can extract the key with no errors.
I don't know the kind of the key but I think that's RSA.
Running openssl rsa -in key -text -noout prints information about the key.
Running openssl dsa -in key -text -noout
read DSA key
Enter pass phrase for key:
unable to load Key
140533299726152:error:06078081:digital envelope routines:EVP_PKEY_get1_DSA:expecting a dsa key:p_lib.c:308:
Don't know if this is useful but running:
openssl pkcs12 -in CertificatoASI.p12 -info -noout
Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Sorry, I don't know much about openssl and this stuff but I'll try to provide all the information that you require.
This looks like the same problem as bug 538851. Although in your case it does not crash. I wonder what is the difference.
Can you please try the wpa_supplicant patch I've attached to the bug 538851?
It works, thank you very much.
OK, back to wpa_supplicant.
wpa_supplicant-0.6.8-8.fc12 has been submitted as an update for Fedora 12.
wpa_supplicant-0.6.8-8.fc11 has been submitted as an update for Fedora 11.
wpa_supplicant-0.6.8-8.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
wpa_supplicant-0.6.8-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
Issue is fixed for me on F12.