hi, On Wed, Nov 20, 2024 at 12:48 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote: > [...] >> I'm trying a setup right now, to understand what's happening. >> wpa_supplicant does not need pkcs11-provider *at the moment*, because >> it uses engine API for pkcs11 (and that is going to be a problem in >> the future for EAP-TLS with pkcs11, if engine disappears from >> openssl). However, it loads the legacy provider at startup, because >> it's needed for MSCHAPv2 in the inner authentication. > > > Do you also load the default provider and/or set default fetching properties? wpa_supplicant loads the legacy provider through OSSL_provider_try_load() [1][2] once (typically, on program startup), and then it unloads it when program is exiting. What "set default fetching properties" means? (Also, I tried reproducing locally on f41 with NetworkManager-ci and << simwifi_ttls_mschapv2_eap >> test, but did not see any failure... @Arthur, can you share an example configuration for eduroam?) thanks, -- davide [1] https://w1.fi/cgit/hostap/tree/src/crypto/tls_openssl.c#n1022 [2] https://w1.fi/cgit/hostap/tree/src/crypto/crypto_openssl.c#n193 -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
