search

OpenMandrivaAssociation / distribution

OpenMandriva Lx is an exciting free Desktop Operating System that aims to cater to and interest first time and advanced users alike. It has the breadth and depth of an advanced system but is designed to be simple and straightforward in use.
https://openmandriva.org
8 stars 2 forks source link

wpa_supplicant fails with EAP-MSCHAPV2 protocol (Bugzilla Bug 2690) #2690

Closed tpgxyz closed 1 year ago

tpgxyz commented 3 years ago

This issue was created automatically with bugzilla2github

Bugzilla Bug 2690

Date: 2021-05-29 12:38:29 +0000 From: @mandian To: @berolinux CC: @benbullard79, bugs@openmandriva.org, @itchka, @tpgxyz

Last updated: 2021-06-13 02:01:33 +0000

Comment 20711

Date: 2021-05-29 12:38:29 +0000 From: @mandian

Hi,

wpa_supplicant fails to handle EAP-MSCHAPV2 protocol as you can see from the following log. The culprit is OpenSLLv3: if i try to compile wpa_supplicant against openssl 1.1.x ti works fine (it doesn't matter if I use version 2.8 or 2.9 of wpa_supplicant).

Here is the log: the error is in the last row.

wpa_supplicant[1515]: wls0: SME: Trying to authenticate with 2c:3f:38:23:54:67 (SSID='eduroam' freq=2412 MHz) kernel: wls0: authenticate with 2c:3f:38:23:54:67 kernel: wls0: send auth to 2c:3f:38:23:54:67 (try 1/3) kernel: wls0: authenticated kernel: wls0: associate with 2c:3f:38:23:54:67 (try 1/3) kernel: wls0: RX AssocResp from 2c:3f:38:23:54:67 (capab=0x111 status=0 aid=1) kernel: wls0: associated kernel: wls0: Limiting TX power to 14 dBm as advertised by 2c:3f:38:23:54:67 wpa_supplicant[1515]: wls0: Trying to associate with 2c:3f:38:23:54:67 (SSID='eduroam' freq=5200 MHz) wpa_supplicant[1515]: wls0: Associated with 2c:3f:38:23:54:67 wpa_supplicant[1515]: wls0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-STARTED EAP authentication started wpa_supplicant[1515]: wls0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=UK wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=NL/O=TERENA/CN=TERENA SSL CA' hash=a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447 wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/OU=Domain Control Validated/CN=eduroam.uni.edu' hash=ecf701f727d9e2d77c4aa49ac6fbbcc997278aca010bddeeb961c10cf54d435a wpa_supplicant[1515]: wls0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.uni.edu wpa_supplicant[1515]: OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported wpa_supplicant[1515]: EAP-MSCHAPV2: Failed to derive response

Comment 20714

Date: 2021-06-01 22:22:16 +0000 From: @tpgxyz

Please try with openssl-3.0.0-alpha16 which was released for 4.2

Comment 20715

Date: 2021-06-13 02:01:33 +0000 From: @benbullard79

NEED_INFO

rugyada commented 2 years ago

Closing, as 4.2 EOL

mandian commented 2 years ago

@rugyada this bug is still here.

As a workaround i recompile wpa_supplicant agains openssl v1 on my machine but this is not a solution for the package in repo.

The error in PEAP authentication is due to the use of some function use in openssl v1 but not more usable in openssl v3. I'll try with latest upstream code.

rugyada commented 2 years ago

this bug is still here.

The bug report was against 4.2. If also cooker and/or ROME affected it should be updated and properly labeled to reflect true current status ;-) Ok.

mandian commented 1 year ago

It worked with latest slim ISO.