Re: Can't connect to PEAP anymore on current Ubuntu (2.10 built with openssl3)

Hey Masashi,

Thanks for your reply. I think the 2 launchpad reports I listed are different issues.

You are right that https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 is an openssl choice to disable insecure configuration; the log in that case has

OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled


but https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1962541 seems a different problem though, the log in that case seems to be

wpa_supplicant[838]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
wpa_supplicant[838]: EAP: Status notification: local TLS alert (param=internal error)
wpa_supplicant[838]: SSL: (where=0x1002 ret=0xffffffff)
wpa_supplicant[838]: SSL: SSL_connect:error in error
wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error


Which could also be an openssl issue but seems to not be the same as the legacy renegotiation, right?

Cheers,
Sebastien

On 06/04/2022 at 03:15, Masashi Honma wrote:
Thanks for the detailed log.
But I could not find out the way to avoid this issue by fixing wpa_supplicant.

According to the comment
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/comments/11,
adding this to /usr/lib/ssl/openssl.cnf fixes the issue.

[system_default_sect]
Options = UnsafeLegacyRenegotiation

Since this workaround exists, the OpenSSL developers have decided that
this bug won't be fixed.
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834/comments/8

So, as Sebastien says, issue reporters need to encourage network
administrators to use more secure settings.
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/comments/13

Regards,
Masashi Honma.

On Tuesday, April 5, 2022 at 18:44, Sebastien Bacher <seb128@xxxxxxxxxx> wrote:
Hey Masashi, thanks for the reply

On 04/04/2022 at 09:35, Masashi Honma wrote:
Thanks for the logs.

But I can not reproduce it yet.
I tried with wpa_supplicant 2.10 package on the Ubuntu 22.04 beta.
It can connect with EAP-PEAP and FreeRADIUS 3.0.25.

I guess you are using the -d option for wpa_supplicant.
We can get a more detailed log with more 'd's.
Could you provide a more detailed log with the -ddddddddddd option?
The reporter added a new log with more debug now
https://launchpadlibrarian.net/594990339/wpa_supplicant.log

Cheers


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
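
Added example (not part of the original thread, and not wpa_supplicant or OpenSSL code): the two `SSL_connect error:` codes quoted in the message above can be told apart by decoding them with the OpenSSL 3.x packed error layout from `include/openssl/err.h`. The names `decode`, `triage` and `KNOWN` are assumptions made for this illustration, and the sample log is constructed from the lines quoted in the thread.

```python
import re

# Bit layout of a packed OpenSSL 3.x error code (include/openssl/err.h).
ERR_LIB_OFFSET, ERR_LIB_MASK = 23, 0xFF
ERR_RFLAGS_OFFSET, ERR_RFLAGS_MASK = 18, 0x1F
ERR_REASON_MASK = 0x7FFFFF
ERR_RFLAG_FATAL, ERR_RFLAG_COMMON = 0x1, 0x2
ERR_LIB_SSL = 20

# Signatures taken from the two log excerpts quoted in this thread
# (hypothetical lookup table, keyed by the Launchpad bug each one came from).
KNOWN = {
    0x0A000152: "LP#1958267: unsafe legacy renegotiation disabled",
    0x0A0C0103: "LP#1962541: internal error",
}

ERR_RE = re.compile(r"SSL_connect error:([0-9A-Fa-f]{8}):")


def decode(code):
    """Split a packed error code into library, flags and reason number."""
    reason = code & ERR_REASON_MASK
    flags = (reason >> ERR_RFLAGS_OFFSET) & ERR_RFLAGS_MASK
    return {
        "lib": (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK,
        "fatal": bool(flags & ERR_RFLAG_FATAL),
        "common": bool(flags & ERR_RFLAG_COMMON),
        "number": reason & ((1 << ERR_RFLAGS_OFFSET) - 1),
    }


def triage(log_text):
    """Return (code, decoded fields, label) for each handshake failure."""
    results = []
    for match in ERR_RE.finditer(log_text):
        code = int(match.group(1), 16)
        results.append((code, decode(code), KNOWN.get(code, "unrecognised")))
    return results


# Constructed sample: the two error lines quoted above, one per bug report.
SAMPLE_LOG = """\
OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
wpa_supplicant[838]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
"""

if __name__ == "__main__":
    for code, fields, label in triage(SAMPLE_LOG):
        print(f"{code:08X} {fields} -> {label}")
```

Both codes come from the SSL library (20), but the first decodes to the library-specific reason 338 while the second is the common fatal reason 259, so a log can be matched to one report or the other from the code alone.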
