LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   wpa_supplicant is reporting unsupported certificate purpose (https://www.linuxquestions.org/questions/linux-networking-3/wpa_supplicant-is-reporting-unsupported-certificate-purpose-732428/)

kchockal 06-12-2009 05:02 AM
wpa_supplicant is reporting unsupported certificate purpose
 
Hi All


I am using wpa_supplicant for peap auth through wired network

This the conf file used by me
[root@localhost Wsupp]# cat peap_1.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="peapuser1"
password="password1111"
ca_cert="Winrad_root_CA.pem"
}


This is the error message , received by me

Received EAP-Request method=25 id=216
EAP: EAP entering state METHOD
SSL: Received packet(len=992) - Flags 0x40
SSL: Need 501 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:05:1e:47:b6:0c
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=217
EAP: EAP entering state METHOD
SSL: Received packet(len=507) - Flags 0x00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: Certificate verification failed, error 26 (unsupported certificate purpose) depth 0 for '/DC=com/DC=brcdindbangalore/CN=Users/CN=Administrator'
SSL: (where=0x4008 ret=0x22b)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unsupported certificate
SSL: (where=0x1002 ret=0xffffffff)SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:05:1e:47:b6:0c
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth2
State: ASSOCIATED -> DISCONNECTED



I tried the same certificate on xsupplicant , It was working fine

[root@localhost Wsupp]# cat ../Xsupp/peap_1.conf
network_list = all
#network_list = default, test1, test2

default_netname = default
logfile = /var/log/xsupplicant.log


default
{
identity = peapuser1

eap-peap {
root_cert = Winrad_root_CA.pem
chunk_size = 1398
random_file = /dev/urandom
allow_types = all
eap-mschapv2 {
username = peapuser1
password = "password1111"
}
}
}


xsupplicant -i eth2 -c peap_1.conf -f
Couldn't get encryption capabilites!
No configuration information for network "(null)" found. Using default.
Failed to authenticate eth2
Successfully authenticated eth2


As seen from the log , xsupplicant is working fine with the same certificate !

Thanks
kchockal

Lautre 06-15-2009 12:12 PM
try wicd

kchockal 06-16-2009 12:47 AM
Thanks Lautre ,will check it out


All times are GMT -5. The time now is 06:20 PM.