Search Linux Wireless

Troubleshooting hostapd and TLS authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hI,

I would like to test network connection
between simulated Wi-Fi access point and a station by using hostapd.

Both reside on the same tesing machine which does not have Wi-Fi adapter.
I would like to test 802.1x + TLS authentication.


When I run hostapd
then I see error message:
OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error OpenSSL: tls_global_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
TLS: Failed to set global parameters
Failed to set TLS parameters


DETAILS
Distro: RHEL 7.6 Beta

kernel-3.10.0-933.el7.x86_64
NetworkManager-1.12.0-2.el7.x86_64
hostapd-2.6-7.el7.x86_64
openssl-1.0.2k-15.el7.x86_64
wpa_supplicant-2.6-11.el7.x86_64

The simulated AP has interface "wlan1".
The simulated station has "wlan0".


hostapd's CONFIGURATION
# Hostapd configuration for 802.1x client testing
interface=wlan1
driver=nl80211
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=wpa2-eap
country_code=EN
hw_mode=g
channel=7
auth_algs=3
wpa=3
ieee8021x=1
eapol_version=1
wpa_key_mgmt=WPA-EAP WPA-PSK
wpa_passphrase=secret123
eap_reauth_period=3600
eap_server=1
use_pae_group_addr=1
eap_user_file=/etc/hostapd/hostapd.eap_user
ca_cert=/etc/hostapd/ssl/hostapd.ca.pem
dh_file=/etc/hostapd/ssl/hostapd.dh.pem
server_cert=/etc/hostapd/ssl/hostapd.cert.pem
private_key=/etc/hostapd/ssl/hostapd.key.pem
private_key_passwd=redhat


All mentioned certificates exist on the testing machine.
Server certificate and private key match.


CONTENTS OF /etc/hostapd/hostapd.eap_user
# Create hostapd peap user file
# Phase 1 authentication
"user"   MD5     "password"
"test"   TLS,TTLS,PEAP
# Phase 2 authentication (tunnelled within EAP-PEAP or EAP-TTLS)
"TESTERS\test_mschapv2"   MSCHAPV2    "password"  [2]
"test_md5"       MD5         "password"  [2]
"test_gtc"       GTC         "password"  [2]
# Tunneled TLS and non-EAP authentication inside the tunnel.
"test_ttls"      TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password"  [2]


QUESTIONS
1. Are there any errors in the hostapd's configuration?
2. Is the error after start due to certificates?
3. Is the error due to OpenSSL on the testing machine?


Thanks
Pavlin




[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux