/* Connection parameters come from menuconfig (CONFIG_*); no credential is
   hard-coded in this file. EXAMPLE_EAP_METHOD is compared against EAP_PEAP /
   EAP_TTLS below to decide whether username/password are applied. */
#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID
#define EXAMPLE_EAP_METHOD CONFIG_EAP_METHOD
#define EXAMPLE_EAP_ID CONFIG_EAP_ID
#define EXAMPLE_EAP_USERNAME CONFIG_EAP_USERNAME
#define EXAMPLE_EAP_PASSWORD CONFIG_EAP_PASSWORD
/* FreeRTOS event group to signal when we are connected & ready to make a request.
   Created in initialise_wifi(); event_handler() sets and clears CONNECTED_BIT in it. */
static EventGroupHandle_t wifi_event_group;
/* The event group allows multiple bits for each event,
   but we only care about one event - are we connected
   to the AP with an IP? Set on SYSTEM_EVENT_STA_GOT_IP and cleared on
   SYSTEM_EVENT_STA_DISCONNECTED (see event_handler()). */
const int CONNECTED_BIT = BIT0;
/* Constants that aren't configurable in menuconfig: the numeric EAP method
   codes that EXAMPLE_EAP_METHOD is matched against. Both are tunnelled
   methods that carry a phase-2 username/password inside TLS. */
#define EAP_PEAP 1
#define EAP_TTLS 2
/* Log tag used by every ESP_LOGx call in this file. */
static const char *TAG = "example";
/* CA cert, taken from wpa2_ca.pem
Client cert, taken from wpa2_client.crt
Client key, taken from wpa2_client.key
The PEM, CRT and KEY file were provided by the person or organization
who configured the AP with wpa2 enterprise.
To embed it in the app binary, the PEM, CRT and KEY file is named
in the component.mk COMPONENT_EMBED_TXTFILES variable.
NOTE(review): embedding these blobs does nothing by itself — they only take
effect if initialise_wifi() passes them to esp_wifi_sta_wpa2_ent_set_ca_cert()
/ esp_wifi_sta_wpa2_ent_set_cert_key(). An embedded CA that is never installed
leaves the EAP server certificate unverified during the TLS phase.
*/
extern uint8_t ca_pem_start[] asm("_binary_wpa2_ca_pem_start");
extern uint8_t ca_pem_end[] asm("_binary_wpa2_ca_pem_end");
extern uint8_t client_crt_start[] asm("_binary_wpa2_client_crt_start");
extern uint8_t client_crt_end[] asm("_binary_wpa2_client_crt_end");
extern uint8_t client_key_start[] asm("_binary_wpa2_client_key_start");
extern uint8_t client_key_end[] asm("_binary_wpa2_client_key_end");
/*
 * System event callback registered through esp_event_loop_init().
 *
 * Drives the reconnect loop (connect on STA start and again after every
 * disconnect) and mirrors the "station has an IP" state into
 * wifi_event_group via CONNECTED_BIT.
 *
 * ctx   - opaque user pointer from esp_event_loop_init(); not used here.
 * event - the system event to dispatch on.
 * Always returns ESP_OK; unrecognised events are ignored.
 */
static esp_err_t event_handler(void *ctx, system_event_t *event)
{
    (void)ctx;

    if (event->event_id == SYSTEM_EVENT_STA_START) {
        esp_wifi_connect();
    } else if (event->event_id == SYSTEM_EVENT_STA_GOT_IP) {
        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
    } else if (event->event_id == SYSTEM_EVENT_STA_DISCONNECTED) {
        /* Kick off a reconnect first, then drop the "connected" flag. */
        esp_wifi_connect();
        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
    }

    return ESP_OK;
}
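/*
 * Bring up the station interface and the WPA2-Enterprise supplicant.
 *
 * Ordering matters: the TCP/IP adapter and the event loop must exist before
 * esp_wifi_init(), and every esp_wifi_sta_wpa2_ent_* setter has to run before
 * esp_wifi_sta_wpa2_ent_enable() and esp_wifi_start().
 *
 * Any driver error aborts through ESP_ERROR_CHECK; the example deliberately
 * fails loudly instead of falling back to an unauthenticated state.
 */
static void initialise_wifi(void)
{
    /* Sizes of the embedded PEM/CRT/KEY blobs declared above. */
    unsigned int ca_pem_bytes = ca_pem_end - ca_pem_start;
    unsigned int client_crt_bytes = client_crt_end - client_crt_start;
    unsigned int client_key_bytes = client_key_end - client_key_start;
    esp_wpa2_config_t config = WPA2_CONFIG_INIT_DEFAULT();

    tcpip_adapter_init();
    wifi_event_group = xEventGroupCreate();
    ESP_ERROR_CHECK( esp_event_loop_init(event_handler, NULL) );
    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
    //ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
    wifi_config_t wifi_config = {
        .sta = {
            .ssid = EXAMPLE_WIFI_SSID,
        },
    };

    /* Static addressing. Zero-initialised so no field of the struct is left
     * indeterminate even if a platform variant adds members.
     * NOTE(review): the DHCP-server stop and the static address below target
     * TCPIP_ADAPTER_IF_AP, while the mode selected further down is
     * WIFI_MODE_STA — confirm that the AP interface is really the intended
     * target; the original behaviour is preserved here. */
    tcpip_adapter_dhcps_stop(TCPIP_ADAPTER_IF_AP);
    tcpip_adapter_ip_info_t ip_info = {0};
    IP4_ADDR(&ip_info.ip,10,21,123,142);
    IP4_ADDR(&ip_info.gw,10,21,122,1);
    IP4_ADDR(&ip_info.netmask,255,255,254,0);

    /* inet_pton() returns 1 only on a successful parse; installing the
     * address on failure would hand lwIP an uninitialised DNS server. */
    ip_addr_t dnsserver = {0};
    if (inet_pton(AF_INET, "10.21.71.19", &dnsserver) == 1) {
        dns_setserver(0, &dnsserver);
    } else {
        ESP_LOGE(TAG, "DNS server address did not parse; leaving resolver unset");
    }
    printf("set ip ret: %d\n", tcpip_adapter_set_ip_info(TCPIP_ADAPTER_IF_AP, &ip_info)); //set static IP
    //tcpip_adapter_dhcps_start(TCPIP_ADAPTER_IF_AP);

    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
    ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );

    /* Install the trust anchor for the EAP server's certificate. Without it the
     * supplicant logs "Certificate chain validation disabled - ignore unknown
     * CA issue" and accepts any server certificate, so the phase-2
     * username/password would be offered to whichever authenticator answers
     * for this SSID. wpa2_ca.pem must contain the issuer of the RADIUS server
     * certificate; if it does not, authentication fails closed, which is the
     * intended outcome rather than something to work around. */
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
    if (EXAMPLE_EAP_METHOD == EAP_PEAP || EXAMPLE_EAP_METHOD == EAP_TTLS) {
        /* Tunnelled methods: the credential is a username/password sent inside TLS. */
        ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
        ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
    } else {
        /* Any other configured method is assumed to be certificate based
         * (EAP-TLS): present the embedded client certificate and key instead.
         * The trailing NULL/0 is the (absent) private-key passphrase. */
        ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_cert_key(client_crt_start, client_crt_bytes,
                                                            client_key_start, client_key_bytes, NULL, 0) );
    }
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_enable(&config) );
    ESP_ERROR_CHECK( esp_wifi_start() );
}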
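/*
 * Status task: every two seconds print the station interface's IPv4
 * address, netmask and gateway.
 *
 * pvParameters - FreeRTOS task argument; unused.
 * Never returns: a FreeRTOS task function must not fall off its end.
 *
 * The leftover socket/addrinfo locals of the original example were dead
 * (never read) and have been dropped; the struct is value-initialised
 * instead of memset() so its declared type drives the size.
 */
static void wpa2_enterprise_example_task(void *pvParameters)
{
    (void)pvParameters;
    tcpip_adapter_ip_info_t ip = {0};

    vTaskDelay(2000 / portTICK_PERIOD_MS);
    while (1) {
        vTaskDelay(2000 / portTICK_PERIOD_MS);
        /* NOTE(review): the interface id is a wifi_interface_t value passed where
         * a tcpip_adapter_if_t is expected; it works only because both STA
         * enumerators share the same numeric value — confirm, or switch to
         * TCPIP_ADAPTER_IF_STA.
         * 0 (ESP_OK) is also returned before an address has been obtained, in
         * which case 0.0.0.0 is printed; the task does not wait on
         * CONNECTED_BIT. */
        if (tcpip_adapter_get_ip_info(ESP_IF_WIFI_STA, &ip) == 0) {
            ESP_LOGI(TAG, "~~~~~~~~~~~");
            ESP_LOGI(TAG, "IP:"IPSTR, IP2STR(&ip.ip));
            ESP_LOGI(TAG, "MASK:"IPSTR, IP2STR(&ip.netmask));
            ESP_LOGI(TAG, "GW:"IPSTR, IP2STR(&ip.gw));
            ESP_LOGI(TAG, "~~~~~~~~~~~");
        }
    }
}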
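/*
 * Application entry point, invoked by the ESP-IDF startup code.
 *
 * NVS is initialised before the WiFi driver because the driver persists its
 * configuration in NVS unless esp_wifi_set_storage(WIFI_STORAGE_RAM) is used
 * (that call is commented out in initialise_wifi()). A failure of
 * nvs_flash_init() therefore aborts through ESP_ERROR_CHECK rather than
 * being ignored. The status task gets a 4 KiB stack at priority 5.
 */
void app_main(void)
{
    ESP_ERROR_CHECK( nvs_flash_init() );
    initialise_wifi();
    xTaskCreate(&wpa2_enterprise_example_task, "wpa2_enterprise_example_task", 4096, NULL, 5, NULL);
}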
Debug Logs
V (718) event: exit default callback
I (838) wifi: n:1 0, o:1 0, ap:255 255, sta:1 0, prof:1
I (1818) wifi: state: init -> auth (b0)
I (1818) wifi: state: auth -> assoc (0)
I (1838) wifi: state: assoc -> run (10)
I (1838) wpa: wpa2_task prio:2, stack:6656
D (3028) wpa: TLS: using phase1 config options
D (3038) wpa: SSL: Received packet(len=6) - Flags 0x21
D (3038) wpa: EAP-PEAP: Start (server ver=1, own ver=1)
D (3038) wpa: EAP-PEAP: Using PEAP version 1
D (3038) wpa: TLSv1: Send ClientHello
D (3048) wpa: SSL: 62 bytes left to be sent out (of total 62 bytes)
I (4698) example: ~~~
I (4698) example: IP:0.0.0.0
I (4698) example: MASK:0.0.0.0
I (4698) example: GW:0.0.0.0
I (4698) example: ~~~
D (4798) wpa: SSL: Received packet(len=1000) - Flags 0xc1
D (4798) wpa: SSL: TLS Message Length: 1248
I (4798) wpa: SSL: Need 258 bytes more input data
D (4798) wpa: SSL: Building ACK (type=25 id=4 ver=1)
D (4818) wpa: SSL: Received packet(len=264) - Flags 0x01
D (4818) wpa: TLSv1: Received content type 22 version 3.1 length 74
D (4818) wpa: TLSv1: Received ServerHello
D (4818) wpa: TLSv1: Using TLS v1.0
D (4828) wpa: TLSv1: Selected cipher suite: 0x002f
D (4828) wpa: TLSv1: Received content type 22 version 3.1 length 1155
D (4838) wpa: TLSv1: Received Certificate (certificate_list len 1151)
D (4848) wpa: TLSv1: Certificate 0 (len 1145)
D (4848) wpa: X509: Version X.509v3
D (4848) wpa: X509: serialNumber ###
D (4858) wpa: X509: issuer ?=Cisco Systems, ?=Cisco Manufacturing CA
D (4858) wpa: X509: Validity: notBefore: 0 notAfter: 0
D (4868) wpa: X509: subject ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (4878) wpa: X509: Extension: extnID=2.5.29.15 critical=0
D (4888) wpa: X509: KeyUsage 0x5
D (4888) wpa: X509: Extension: extnID=2.5.29.14 critical=0
D (4898) wpa: X509: Extension: extnID=2.5.29.35 critical=0
D (4898) wpa: X509: Extension: extnID=2.5.29.31 critical=0
D (4908) wpa: X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
D (4908) wpa: X509: Extension: extnID=1.3.6.1.4.1.311.20.2 critical=0
D (4918) wpa: X509: Version X.509v3
D (4918) wpa: X509: serialNumber ###
D (4928) wpa: X509: issuer ?=Cisco Systems, ?=Cisco Manufacturing CA
D (4928) wpa: X509: Validity: notBefore: 0 notAfter: 0
D (4938) wpa: X509: subject ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (4948) wpa: X509: Extension: extnID=2.5.29.15 critical=0
D (4958) wpa: X509: KeyUsage 0x5
D (4958) wpa: X509: Extension: extnID=2.5.29.14 critical=0
D (4968) wpa: X509: Extension: extnID=2.5.29.35 critical=0
D (4968) wpa: X509: Extension: extnID=2.5.29.31 critical=0
D (4978) wpa: X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
D (4978) wpa: X509: Extension: extnID=1.3.6.1.4.1.311.20.2 critical=0
D (4988) wpa: X509: Validate certificate chain
D (4988) wpa: X509: 0: ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (5008) wpa: X509: Did not find any of the issuers from the list of trusted certificates
D (5008) wpa: X509: Certificate chain validation disabled - ignore unknown CA issue
D (5018) wpa: X509: Certificate chain valid
D (5028) wpa: TLSv1: Received content type 22 version 3.1 length 4
D (5028) wpa: TLSv1: Received ServerHelloDone
D (5038) wpa: TLSv1: Send ClientKeyExchange
D (5218) wpa: TLSv1: Send ChangeCipherSpec
D (5218) wpa: TLSv1: Record Layer - New write cipher suite 0x002f
D (5218) wpa: TLSv1: Send Finished
D (5218) wpa: SSL: 326 bytes left to be sent out (of total 326 bytes)
D (5338) wpa: SSL: Received packet(len=17) - Flags 0x81
D (5338) wpa: SSL: TLS Message Length: 7
D (5338) wpa: TLSv1: Received content type 21 version 3.1 length 2
D (5348) wpa: TLSv1: Received alert 2:20
D (5348) wpa: SSL: No data to be sent out
D (5358) wpa: SSL: Building ACK (type=25 id=6 ver=1)
I (5368) wpa: >>>>>wpa2 FIALED
D (5368) wpa: TLSv1: Selected cipher suite: 0x0000
D (5368) wpa: TLSv1: Record Layer - New write cipher suite 0x0000
D (5378) wpa: TLSv1: Record Layer - New read cipher suite 0x0000
Environment
Problem Description
Fails to connect using WPA2-Enterprise PEAP
Expected Behavior
Connects successfully
Actual Behavior
Fails to connect
Steps to reproduce
Code to reproduce this issue
Debug Logs
V (718) event: exit default callback
I (838) wifi: n:1 0, o:1 0, ap:255 255, sta:1 0, prof:1
I (1818) wifi: state: init -> auth (b0)
I (1818) wifi: state: auth -> assoc (0)
I (1838) wifi: state: assoc -> run (10)
I (1838) wpa: wpa2_task prio:2, stack:6656
D (3028) wpa: TLS: using phase1 config options
D (3038) wpa: SSL: Received packet(len=6) - Flags 0x21
D (3038) wpa: EAP-PEAP: Start (server ver=1, own ver=1)
D (3038) wpa: EAP-PEAP: Using PEAP version 1
D (3038) wpa: TLSv1: Send ClientHello
D (3048) wpa: SSL: 62 bytes left to be sent out (of total 62 bytes)
I (4698) example: ~~~
I (4698) example: IP:0.0.0.0
I (4698) example: MASK:0.0.0.0
I (4698) example: GW:0.0.0.0
I (4698) example: ~~~
D (4798) wpa: SSL: Received packet(len=1000) - Flags 0xc1
D (4798) wpa: SSL: TLS Message Length: 1248
I (4798) wpa: SSL: Need 258 bytes more input data
D (4798) wpa: SSL: Building ACK (type=25 id=4 ver=1)
D (4818) wpa: SSL: Received packet(len=264) - Flags 0x01
D (4818) wpa: TLSv1: Received content type 22 version 3.1 length 74
D (4818) wpa: TLSv1: Received ServerHello
D (4818) wpa: TLSv1: Using TLS v1.0
D (4828) wpa: TLSv1: Selected cipher suite: 0x002f
D (4828) wpa: TLSv1: Received content type 22 version 3.1 length 1155
D (4838) wpa: TLSv1: Received Certificate (certificate_list len 1151)
D (4848) wpa: TLSv1: Certificate 0 (len 1145)
D (4848) wpa: X509: Version X.509v3
D (4848) wpa: X509: serialNumber ###
D (4858) wpa: X509: issuer ?=Cisco Systems, ?=Cisco Manufacturing CA
D (4858) wpa: X509: Validity: notBefore: 0 notAfter: 0
D (4868) wpa: X509: subject ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (4878) wpa: X509: Extension: extnID=2.5.29.15 critical=0
D (4888) wpa: X509: KeyUsage 0x5
D (4888) wpa: X509: Extension: extnID=2.5.29.14 critical=0
D (4898) wpa: X509: Extension: extnID=2.5.29.35 critical=0
D (4898) wpa: X509: Extension: extnID=2.5.29.31 critical=0
D (4908) wpa: X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
D (4908) wpa: X509: Extension: extnID=1.3.6.1.4.1.311.20.2 critical=0
D (4918) wpa: X509: Version X.509v3
D (4918) wpa: X509: serialNumber ###
D (4928) wpa: X509: issuer ?=Cisco Systems, ?=Cisco Manufacturing CA
D (4928) wpa: X509: Validity: notBefore: 0 notAfter: 0
D (4938) wpa: X509: subject ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (4948) wpa: X509: Extension: extnID=2.5.29.15 critical=0
D (4958) wpa: X509: KeyUsage 0x5
D (4958) wpa: X509: Extension: extnID=2.5.29.14 critical=0
D (4968) wpa: X509: Extension: extnID=2.5.29.35 critical=0
D (4968) wpa: X509: Extension: extnID=2.5.29.31 critical=0
D (4978) wpa: X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
D (4978) wpa: X509: Extension: extnID=1.3.6.1.4.1.311.20.2 critical=0
D (4988) wpa: X509: Validate certificate chain
D (4988) wpa: X509: 0: ?=US, ?=California, ?=San Jose, ?=Cisco Systems, ?=AIR-CT5508-K9-649ef3bf2d00/emailAddress=support@cisco.com
D (5008) wpa: X509: Did not find any of the issuers from the list of trusted certificates
D (5008) wpa: X509: Certificate chain validation disabled - ignore unknown CA issue
D (5018) wpa: X509: Certificate chain valid
D (5028) wpa: TLSv1: Received content type 22 version 3.1 length 4
D (5028) wpa: TLSv1: Received ServerHelloDone
D (5038) wpa: TLSv1: Send ClientKeyExchange
D (5218) wpa: TLSv1: Send ChangeCipherSpec
D (5218) wpa: TLSv1: Record Layer - New write cipher suite 0x002f
D (5218) wpa: TLSv1: Send Finished
D (5218) wpa: SSL: 326 bytes left to be sent out (of total 326 bytes)
D (5338) wpa: SSL: Received packet(len=17) - Flags 0x81
D (5338) wpa: SSL: TLS Message Length: 7
D (5338) wpa: TLSv1: Received content type 21 version 3.1 length 2
D (5348) wpa: TLSv1: Received alert 2:20
D (5348) wpa: SSL: No data to be sent out
D (5358) wpa: SSL: Building ACK (type=25 id=6 ver=1)
I (5368) wpa: >>>>>wpa2 FIALED
D (5368) wpa: TLSv1: Selected cipher suite: 0x0000
D (5368) wpa: TLSv1: Record Layer - New write cipher suite 0x0000
D (5378) wpa: TLSv1: Record Layer - New read cipher suite 0x0000
I (5388) wpa: wpa2 task delete