Red Hat Bugzilla – Bug 806128
Problem connecting WPA WiFi with TLS (certificate) authentication on Fedora 17
Last modified: 2012-04-17 11:14:46 EDT
Description of problem:
In Fedora 17 there is issue connecting to the WiFi network with WPA EAP authenticated with the user certificate.
When monitoring the communication (airmon-ng start wlan0, wireshark) everything goes well, certificate is loaded, WiFi accesspont is associated and then at some point:
1)EAP - access point requests identity
2) wpa supplicant provides identity
3) AP requests for authentication
4) wpa_supplicants sends SSL "Client Hello" to establish ssl. It offers the encryption protocols
5) The AP replies with "Deauthentication, authentication failed."
My Certificates+WIFI are valid and proven to work (Fedora 16, Windows XP).
Version-Release number of selected component (if applicable):
Can be reproduced with using Network Manager and as well using the wpa_supplicant directly.
Steps to Reproduce:
1. Configure to connect to WPA+EAP+TLS Access point
Network Manager/Network Name/Other
Network name: name of the network
Wireless Security: WPA&WPA2 Enterprise
Fill identity, user certificate, ca certificate, private key provate password
2. Trace the network traffic with airmon-ng + wireshark
3. In the packet capture look for the SSL client hello
SSL client hello is directly followed with deauthenticated response from the Access point..
wpa_supplicant should be instead able to agree with the server on some encryption mechanism common for them and send the authentication itself.
might or might not be related to bug 802552
Tried to downgrade to wpa_supplicant-1.0-0.2.fc17.x86_64.rpm as suggested in 802552 and it works with version wpa_supplicant-1.0-0.2.fc17.x86_64.rpm.
Changed karma of https://admin.fedoraproject.org/updates/FEDORA-2012-2857/wpa_supplicant-1.0-0.3.fc17
*** This bug has been marked as a duplicate of bug 802552 ***