Can not get EAP-FAST authentication to work when linking against OpenSSL 1.1.x

Hello,

My Ubuntu running wpa_supplicant 2.9 and OpenSSL 1.1.1c is not able to use
EAP-FAST authentication. On the receiving end there is a Cisco ISE running
the latest firmware.

I also have an embedded target with the same symptom.

I have tried building HEAD on wpa_supplicant, but it does not work better.

I then tried building HEAD wpa_supplicant with the latest OpenSSL 1.0.2u release,
and here EAP-FAST authentication is successful.

I compared -dd debug output between the two, and everything looks identical
up to phase 2.

OpenSSL 1.0.2u + wpa_supplicant HEAD:
  EAPOL: Received EAP-Packet frame
  EAPOL: SUPP_BE entering state REQUEST
  EAPOL: getSuppRsp
  EAP: EAP entering state RECEIVED
  EAP: Received EAP-Request id=96 method=43 vendor=0 vendorMethod=0
  EAP: EAP entering state METHOD
  SSL: Received packet(len=91) - Flags 0x01
  EAP-FAST: Received 85 bytes encrypted data for Phase 2
  OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
  OpenSSL: Message - hexdump(len=5): [REMOVED]
  EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=55):
  EAP-FAST: Received Phase 2: TLV type 9 length 51 (mandatory)
  EAP-FAST: EAP-Payload TLV - hexdump(len=51):
  EAP-FAST: Phase 2 Request: type=0:26
  EAP-MSCHAPV2: RX identifier 96 mschapv2_id 95
  EAP-MSCHAPV2: Received success
  EAP-MSCHAPV2: Success message - hexdump(len=0):
  EAP-MSCHAPV2: Authentication succeeded

OpenSSL 1.1.1d + wpa_supplicant HEAD:
  EAPOL: Received EAP-Packet frame
  EAPOL: SUPP_BE entering state REQUEST
  EAPOL: getSuppRsp
  EAP: EAP entering state RECEIVED
  EAP: Received EAP-Request id=156 method=43 vendor=0 vendorMethod=0
  EAP: EAP entering state METHOD
  SSL: Received packet(len=123) - Flags 0x01
  EAP-FAST: Received 117 bytes encrypted data for Phase 2
  OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
  OpenSSL: Message - hexdump(len=5): [REMOVED]
  EAP-FAST: Decrypted Phase 2 TLV(s) - hexdump(len=61):
  EAP-FAST: Received Phase 2: TLV type 9 length 57 (mandatory)
  EAP-FAST: EAP-Payload TLV - hexdump(len=57):
  EAP-FAST: Phase 2 Request: type=0:26
  EAP-MSCHAPV2: RX identifier 156 mschapv2_id 155
  EAP-MSCHAPV2: Received failure
  EAP-MSCHAPV2: Failure data - hexdump(len=48):
  EAP-MSCHAPV2: error 691
  EAP-MSCHAPV2: retry is allowed

Is there anybody able to assist me further, point to something obviously wrong,
suggest further debugging, etc.?

-- 
Best regards,
Hans-Christian Noren Egtvedt

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
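
The comparison of two -dd logs described in the post can be automated. This is an added example, not part of the original message or of wpa_supplicant: it masks per-session numbers and reports the first line where behaviour differs. The `VOLATILE` field list and the function names are assumptions, and the sample logs are shortened from the two excerpts above.

```python
import re
from itertools import zip_longest

# Fields that change on every run (EAP ids, packet and TLV lengths), chosen
# from the two excerpts in the post. Assumption: extend for other log lines.
VOLATILE = re.compile(r"\b(id=|len=|identifier |mschapv2_id |length |Received )\d+")

def normalize(line):
    """Strip indentation and mask per-session numbers so only behaviour differs."""
    return VOLATILE.sub(lambda m: m.group(1) + "N", line.strip())

def first_divergence(log_a, log_b):
    """Return (line_no, a_line, b_line) for the first real difference, else None."""
    a_lines = [l for l in log_a.splitlines() if l.strip()]
    b_lines = [l for l in log_b.splitlines() if l.strip()]
    for n, (a, b) in enumerate(zip_longest(a_lines, b_lines, fillvalue=""), 1):
        if normalize(a) != normalize(b):
            return n, a.strip(), b.strip()
    return None

# Shortened from the OpenSSL 1.0.2u excerpt in the post.
GOOD = """
  EAP: Received EAP-Request id=96 method=43 vendor=0 vendorMethod=0
  SSL: Received packet(len=91) - Flags 0x01
  EAP-FAST: Received 85 bytes encrypted data for Phase 2
  EAP-FAST: Received Phase 2: TLV type 9 length 51 (mandatory)
  EAP-FAST: Phase 2 Request: type=0:26
  EAP-MSCHAPV2: RX identifier 96 mschapv2_id 95
  EAP-MSCHAPV2: Received success
"""

# Shortened from the OpenSSL 1.1.1d excerpt in the post.
BAD = """
  EAP: Received EAP-Request id=156 method=43 vendor=0 vendorMethod=0
  SSL: Received packet(len=123) - Flags 0x01
  EAP-FAST: Received 117 bytes encrypted data for Phase 2
  EAP-FAST: Received Phase 2: TLV type 9 length 57 (mandatory)
  EAP-FAST: Phase 2 Request: type=0:26
  EAP-MSCHAPV2: RX identifier 156 mschapv2_id 155
  EAP-MSCHAPV2: Received failure
"""

if __name__ == "__main__":
    print(first_divergence(GOOD, BAD))
```

Only keyed fields are masked, so a changed value such as the Phase 2 `type=0:26` would still be reported as a difference.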


