LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 06-12-2009, 06:02 AM   #1
kchockal
LQ Newbie
 
Registered: Jun 2009
Posts: 2

Rep: Reputation: 0
wpa_supplicant is reporting unsupported certificate purpose


Hi All


I am using wpa_supplicant for peap auth through wired network

This the conf file used by me
[root@localhost Wsupp]# cat peap_1.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
phase2="auth=MSCHAPV2"
identity="peapuser1"
password="password1111"
ca_cert="Winrad_root_CA.pem"
}


This is the error message , received by me

Received EAP-Request method=25 id=216
EAP: EAP entering state METHOD
SSL: Received packet(len=992) - Flags 0x40
SSL: Need 501 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:05:1e:47:b6:0c
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=217
EAP: EAP entering state METHOD
SSL: Received packet(len=507) - Flags 0x00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: Certificate verification failed, error 26 (unsupported certificate purpose) depth 0 for '/DC=com/DC=brcdindbangalore/CN=Users/CN=Administrator'
SSL: (where=0x4008 ret=0x22b)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unsupported certificate
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Failed - tls_out available to report error
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:05:1e:47:b6:0c
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth2
State: ASSOCIATED -> DISCONNECTED



I tried the same certificate on xsupplicant , It was working fine

[root@localhost Wsupp]# cat ../Xsupp/peap_1.conf
network_list = all
#network_list = default, test1, test2

default_netname = default
logfile = /var/log/xsupplicant.log


default
{
identity = peapuser1

eap-peap {
root_cert = Winrad_root_CA.pem
chunk_size = 1398
random_file = /dev/urandom
allow_types = all
eap-mschapv2 {
username = peapuser1
password = "password1111"
}
}
}


xsupplicant -i eth2 -c peap_1.conf -f
Couldn't get encryption capabilites!
No configuration information for network "(null)" found. Using default.
Failed to authenticate eth2
Successfully authenticated eth2


As seen from the log , xsupplicant is working fine with the same certificate !

Thanks
kchockal
 
Old 06-15-2009, 01:12 PM   #2
Lautre
Calculate Linux
 
Registered: Jun 2009
Location: Saint-Petersburg, Russia
Distribution: Calculate Linux
Posts: 93

Rep: Reputation: 25
try wicd
 
Old 06-16-2009, 01:47 AM   #3
kchockal
LQ Newbie
 
Registered: Jun 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Smile

Thanks Lautre ,will check it out
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Building a certificate chain from the certificate using openSSL aravinda78 Linux - Security 1 11-10-2008 02:51 AM
Purpose? kienjakenobi LinuxQuestions.org Member Intro 3 03-18-2008 06:49 PM
What is the purpose of these emails? Cage47 General 4 01-05-2007 05:19 PM
Can I retrieve certificate expiry date from an openssl certificate (command line) davee Linux - Security 1 07-21-2006 11:28 AM
Purpose of some directories Menestrel Linux - Newbie 2 01-08-2005 06:47 AM


All times are GMT -5. The time now is 08:29 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration