Bug 806128 - Problem connecting WPA WiFi with TLS (certificate) authentication on Fedora 17
Problem connecting WPA WiFi with TLS (certificate) authentication on Fedora 17
Status: CLOSED DUPLICATE of bug 802552
Product: Fedora
Classification: Fedora
Component: wpa_supplicant (Show other bugs)
x86_64 Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Dan Williams
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-03-22 21:12 EDT by Michal Ambroz
Modified: 2012-04-17 11:14 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-04-17 11:14:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Ambroz 2012-03-22 21:12:18 EDT
Description of problem:
In Fedora 17 there is issue connecting to the WiFi network with WPA EAP authenticated with the user certificate. 

When monitoring the communication (airmon-ng start wlan0, wireshark) everything goes well, certificate is loaded, WiFi accesspont is associated and then at some point:
1)EAP - access point requests identity 
2) wpa supplicant provides identity
3) AP requests for authentication
4) wpa_supplicants sends SSL "Client Hello" to establish ssl. It offers the encryption protocols 
5) The AP replies with "Deauthentication, authentication failed."

My Certificates+WIFI are valid and proven to work (Fedora 16, Windows XP).

Version-Release number of selected component (if applicable):

How reproducible:
Can be reproduced with using Network Manager and as well using the wpa_supplicant directly. 

Steps to Reproduce:
1. Configure to connect to WPA+EAP+TLS Access point
Network Manager/Network Name/Other
Network name: name of the network
Wireless Security: WPA&WPA2 Enterprise
Authentication: TLS
Fill identity, user certificate, ca certificate, private key provate password 

2. Trace the network traffic with airmon-ng + wireshark 
3. In the packet capture look for the SSL client hello
Actual results:
SSL client hello is directly followed with deauthenticated response from the Access point..

Expected results:
wpa_supplicant should be instead able to agree with the server on some encryption mechanism common for them and send the authentication itself.

Additional info:
might or might not be related to bug 802552
Comment 1 Michal Ambroz 2012-03-23 08:33:25 EDT
Tried to downgrade to wpa_supplicant-1.0-0.2.fc17.x86_64.rpm as suggested in 802552 and it works with version wpa_supplicant-1.0-0.2.fc17.x86_64.rpm.
Comment 3 Jirka Klimes 2012-04-17 11:14:46 EDT

*** This bug has been marked as a duplicate of bug 802552 ***

Note You need to log in before you can comment on or make changes to this bug.