v3.3版本 WPA2 Enterprise 无法连接（PEAP） (IDFGH-5037)

[HeFeng1947]

环境

• Module or chip used: ESP32-WROOM-32U
• IDF version : v3.3 - bf022060964128556b3d3205b65c5d35df9beef6
• Build System: CMake
• Operating System: Linux
• Using an IDE?: No
• Power Supply: USB

问题描述

如题，在v3.3版本下无法跑通example下的wap2 enterprise例程，使用PEAP的认证方式。我尝试切换到目前release/v3.3分支的最新提交（7c86027531ebffe937c9d9d1080cd433eb993f35），也还是出现一样的错误。但在mster分支下（即v4.4），例程运行正常。

测试使用的认证服务器是freeRadius3，已在PC等设备上测试确认无问题。

在v3.3版本例程里注释以下代码

    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
    ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
    // 使用 PEAP 认证
    // ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_ca_cert(ca_pem_start, ca_pem_bytes) );
    // ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_cert_key(client_crt_start, client_crt_bytes,\
    //      client_key_start, client_key_bytes, NULL, 0) );
    ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_identity((uint8_t *)EXAMPLE_EAP_ID, strlen(EXAMPLE_EAP_ID)) );
    if (EXAMPLE_EAP_METHOD == EAP_PEAP || EXAMPLE_EAP_METHOD == EAP_TTLS) {
        ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_username((uint8_t *)EXAMPLE_EAP_USERNAME, strlen(EXAMPLE_EAP_USERNAME)) );
        ESP_ERROR_CHECK( esp_wifi_sta_wpa2_ent_set_password((uint8_t *)EXAMPLE_EAP_PASSWORD, strlen(EXAMPLE_EAP_PASSWORD)) );
    }

esp32错误log输出（v3.3）

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:6852
load:0x40078000,len:12128
load:0x40080400,len:6692
entry 0x40080774
I (63) boot: Chip Revision: 1
I (64) boot_comm: chip revision: 1, min. bootloader chip revision: 0
I (39) boot: ESP-IDF v3.3.2-323-gbf0220609-dirty 2nd stage bootloader
I (39) boot: compile time 11:40:03
I (40) boot: Enabling RNG early entropy source...
I (46) boot: SPI Speed      : 80MHz
I (50) boot: SPI Mode       : DIO
I (54) boot: SPI Flash Size : 4MB
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 00009000 00006000
I (76) boot:  1 phy_init         RF data          01 01 0000f000 00001000
I (84) boot:  2 factory          factory app      00 00 00010000 00100000
I (91) boot: End of partition table
I (95) boot_comm: chip revision: 1, min. application chip revision: 0
I (103) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x1cc10 (117776) map
I (146) esp_image: segment 1: paddr=0x0002cc38 vaddr=0x3ffb0000 size=0x033d8 ( 13272) load
I (151) esp_image: segment 2: paddr=0x00030018 vaddr=0x400d0018 size=0x6e1fc (451068) map
0x400d0018: _stext at ??:?

I (284) esp_image: segment 3: paddr=0x0009e21c vaddr=0x3ffb33d8 size=0x00238 (   568) load
I (284) esp_image: segment 4: paddr=0x0009e45c vaddr=0x40080000 size=0x00400 (  1024) load
0x40080000: _WindowOverflow4 at /home/kelly/sambaShare/workspace/esp/esp-idf/components/freertos/xtensa_vectors.S:1779

I (291) esp_image: segment 5: paddr=0x0009e864 vaddr=0x40080400 size=0x13d54 ( 81236) load
I (340) boot: Loaded app from partition at offset 0x10000
I (340) boot: Disabling RNG early entropy source...
I (341) cpu_start: Pro cpu up.
I (344) cpu_start: Application information:
I (349) cpu_start: Project name:     wpa2-enterprise
I (355) cpu_start: App version:      1
I (359) cpu_start: Compile time:     Apr  5 2021 11:40:02
I (365) cpu_start: ELF file SHA256:  71b3a57e56c6d821...
I (371) cpu_start: ESP-IDF:          v3.3.2-323-gbf0220609-dirty
I (378) cpu_start: Starting app cpu, entry point is 0x40081164
0x40081164: call_start_cpu1 at /home/kelly/sambaShare/workspace/esp/esp-idf/components/esp32/cpu_start.c:268

I (0) cpu_start: App cpu up.
I (388) heap_init: Initializing. RAM available for dynamic allocation:
I (395) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (401) heap_init: At 3FFB9718 len 000268E8 (154 KiB): DRAM
I (408) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (414) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (420) heap_init: At 40094154 len 0000BEAC (47 KiB): IRAM
I (427) cpu_start: Pro cpu start user code
I (109) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (189) wifi:wifi driver task: 3ffc140c, prio:23, stack:3584, core=0
I (189) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (189) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (199) wifi:wifi firmware version: 3bdbd8b
I (199) wifi:config NVS flash: disabled
I (209) wifi:config nano formating: disabled
I (209) wifi:Init dynamic tx buffer num: 32
I (209) wifi:Init data frame dynamic rx buffer num: 32
I (219) wifi:Init management frame dynamic rx buffer num: 32
I (229) wifi:Init management short buffer num: 32
I (229) wifi:Init static rx buffer size: 1600
I (229) wifi:Init static rx buffer num: 10
I (239) wifi:Init dynamic rx buffer num: 32
I (239) example: Setting WiFi configuration SSID 0-radius...
I (249) example: Setting WiFi configuration WPA2 method 1...
D (249) wifi:clear blacklist
I (259) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable

I (359) phy: phy_version: 4180, cb3948e, Sep 12 2019, 16:39:13, 0, 0
D (359) wifi:filter: set rx policy=0
I (359) wifi:mode : sta (98:f4:ab:0b:24:84)
D (369) wifi:filter: set rx policy=1
D (369) wifi:connect status 0 -> 0
D (369) wifi:Start wifi connect
D (369) wifi:connect status 0 -> 0
D (379) wifi:connect chan=0
D (379) wifi:first chan=1
D (379) wifi:connect status 0 -> 1
D (389) wifi:filter: set rx policy=3
D (389) wifi:clear scan ap list
D (389) wifi:start scan: type=0x50f, priority=2, cb=0x4010b0a4, arg=0x0, ss_state=0x1, time=29535, index=0
0x4010b0a4: cnx_start_handoff_cb at ??:?

D (399) wifi:perform scan: ss_state=0x9, chan<1,0>, dur<0,120>
D (529) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (529) wifi:perform scan: ss_state=0x9, chan<2,0>, dur<0,120>
D (649) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (649) wifi:perform scan: ss_state=0x9, chan<3,0>, dur<0,120>
D (769) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (769) wifi:perform scan: ss_state=0x9, chan<4,0>, dur<0,120>
D (889) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (889) wifi:perform scan: ss_state=0x9, chan<5,0>, dur<0,120>
D (1009) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1009) wifi:perform scan: ss_state=0x9, chan<6,0>, dur<0,120>
D (1129) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1129) wifi:perform scan: ss_state=0x9, chan<7,0>, dur<0,120>
D (1249) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1249) wifi:perform scan: ss_state=0x9, chan<8,0>, dur<0,120>
D (1379) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1379) wifi:perform scan: ss_state=0x9, chan<9,0>, dur<0,120>
D (1499) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1499) wifi:perform scan: ss_state=0x9, chan<10,0>, dur<0,120>
D (1619) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (1619) wifi:perform scan: ss_state=0x9, chan<11,0>, dur<0,120>
D (1649) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (1649) wifi:profile match: ss_state=0x7
D (1739) wifi:scan end: arg=0x0, status=0, ss_state=0x7
D (1739) wifi:find first mathched ssid, scan done
D (1739) wifi:filter: set rx policy=4
D (1739) wifi:first chan=1
D (1739) wifi:handoff_cb: status=0
D (1749) wifi:ap found, mac=e4:95:6e:41:b3:dc
D (1749) wifi:new_bss=0x3ffb4898, cur_bss=0x0, new_chan=<11,0>, cur_chan=1
D (1759) wifi:filter: set rx policy=5
I (1759) wifi:new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1
D (1769) wifi:connect_op: status=0, auth=4, cipher=3 
D (1769) wifi:auth mode is not none
D (2749) wifi:connect_bss: auth=1, reconnect=0
I (2749) wifi:state: init -> auth (b0)
D (2749) wifi:start 1s AUTH timer
D (2749) wifi:clear scan ap list
D (2759) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2759) wifi:set max rate: from <rate=130, phy=3, sig=0> to <rate=144, phy=3 sig=0>
D (2769) wifi:sig_b=0, sig_g=0, sig_n=0, max_b=22, max_g=108, max_n=144
D (2769) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2779) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2779) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2789) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2789) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2799) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2799) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2809) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2809) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2819) wifi:recv auth: seq=2, status=0
I (2819) wifi:state: auth -> assoc (0)
D (2819) wifi:restart connect 1s timer for assoc
D (2829) wifi:recv assoc: type=0x10
D (2829) wifi:filter: set rx policy=6
I (2829) wifi:state: assoc -> run (10)
I (2839) wpa: wpa2_task prio:2, stack:6656

D (2839) wifi:start 30s connect timer for 4 way handshake
D (2879) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (2979) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3079) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3189) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3289) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3389) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3489) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3589) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3699) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3799) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

I (3879) wpa: >>>>>wpa2 FAILED

D (3889) wifi:recv deauth, reason=0x17
I (3899) wifi:state: run -> init (17c0)
D (3899) wifi:recv deauth/disassoc, stop beacon/connect timer
D (3899) wifi:connect status 1 -> 2
D (3899) wifi:add bssid e4:95:6e:41:b3:dc to blacklist, cnt=0
D (3909) wifi:stop CSA timer
D (3909) wifi:remove e4:95:6e:41:b3:dc from rc list
I (3909) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1
D (3919) wifi:filter: set rx policy=8
D (3919) wifi:sta leave
D (3919) wifi:stop CSA timer
D (3929) wifi:remove 00:00:00:00:00:00 from rc list
I (3929) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1
D (3939) wifi:filter: set rx policy=8
D (3939) wifi:Send disconnect event, reason=23, AP number=0
D (3949) wifi:Start wifi connect
D (3949) wifi:connect status 2 -> 0
D (3949) wifi:connect chan=0
D (3959) wifi:first chan=11
D (3959) wifi:connect status 0 -> 1
D (3959) wifi:filter: set rx policy=3
D (3959) wifi:clear scan ap list
D (3969) wifi:start scan: type=0x50f, priority=2, cb=0x4010b0a4, arg=0x0, ss_state=0x1, time=3604542, index=0
0x4010b0a4: cnx_start_handoff_cb at ??:?

D (3979) wifi:perform scan: ss_state=0x9, chan<11,0>, dur<0,120>
D (3999) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (3999) wifi:find the e4:95:6e:41:b3:dc in blacklist.

D (4099) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4099) wifi:perform scan: ss_state=0x9, chan<1,0>, dur<0,120>
D (4219) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4219) wifi:perform scan: ss_state=0x9, chan<2,0>, dur<0,120>
D (4349) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4349) wifi:perform scan: ss_state=0x9, chan<3,0>, dur<0,120>
I (4369) example: ~~~~~~~~~~~
I (4369) example: IP:0.0.0.0
I (4369) example: MASK:0.0.0.0
I (4369) example: GW:0.0.0.0
I (4369) example: ~~~~~~~~~~~
D (4469) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4469) wifi:perform scan: ss_state=0x9, chan<4,0>, dur<0,120>
D (4589) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4589) wifi:perform scan: ss_state=0x9, chan<5,0>, dur<0,120>
D (4709) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4709) wifi:perform scan: ss_state=0x9, chan<6,0>, dur<0,120>
D (4829) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4829) wifi:perform scan: ss_state=0x9, chan<7,0>, dur<0,120>
D (4949) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (4949) wifi:perform scan: ss_state=0x9, chan<8,0>, dur<0,120>
D (5069) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (5069) wifi:perform scan: ss_state=0x9, chan<9,0>, dur<0,120>
D (5189) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (5189) wifi:perform scan: ss_state=0x9, chan<10,0>, dur<0,120>
D (5309) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (5309) wifi:perform scan: ss_state=0x9, chan<12,0>, dur<360,360>
D (5679) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (5679) wifi:perform scan: ss_state=0x9, chan<13,0>, dur<360,360>
D (6039) wifi:scan end: arg=0x0, status=0, ss_state=0x3
D (6039) wifi:filter: set rx policy=4
D (6039) wifi:first chan=1
D (6039) wifi:handoff_cb: status=0
D (6039) wifi:clear blacklist
D (6039) wifi:clear rc list
D (6039) wifi:clear blacklist
D (6049) wifi:send disconnect event
D (6049) wifi:connect status 1 -> 3
D (6049) wifi:disable connect timer
D (6059) wifi:clear scan ap list
D (6059) wifi:Start wifi connect
D (6059) wifi:connect status 3 -> 0
D (6069) wifi:connect chan=0
D (6069) wifi:first chan=11
D (6069) wifi:connect status 0 -> 1
D (6069) wifi:filter: set rx policy=3
D (6079) wifi:clear scan ap list
D (6079) wifi:start scan: type=0x50f, priority=2, cb=0x4010b0a4, arg=0x0, ss_state=0x1, time=5717968, index=0
0x4010b0a4: cnx_start_handoff_cb at ??:?

D (6089) wifi:perform scan: ss_state=0x9, chan<11,0>, dur<0,120>
D (6099) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6099) wifi:profile match: ss_state=0x7
D (6099) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6109) wifi:set max rate: from <rate=130, phy=3, sig=0> to <rate=144, phy=3 sig=0>
D (6119) wifi:sig_b=0, sig_g=0, sig_n=0, max_b=22, max_g=108, max_n=144
D (6119) wifi:profile match: ss_state=0x7
D (6149) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6149) wifi:profile match: ss_state=0x7
D (6219) wifi:scan end: arg=0x0, status=0, ss_state=0x7
D (6219) wifi:find first mathched ssid, scan done
D (6219) wifi:filter: set rx policy=4
D (6219) wifi:first chan=1
D (6219) wifi:handoff_cb: status=0
D (6219) wifi:ap found, mac=e4:95:6e:41:b3:dc
D (6229) wifi:new_bss=0x3ffb4898, cur_bss=0x0, new_chan=<11,0>, cur_chan=11
D (6229) wifi:filter: set rx policy=5
I (6239) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1
D (6239) wifi:connect_op: status=0, auth=4, cipher=3 
D (6249) wifi:auth mode is not none
D (6249) wifi:connect_bss: auth=1, reconnect=0
I (6259) wifi:state: init -> auth (b0)
D (6259) wifi:start 1s AUTH timer
D (6259) wifi:clear scan ap list
D (6269) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6279) wifi:recv auth: seq=2, status=0
I (6279) wifi:state: auth -> assoc (0)
D (6279) wifi:restart connect 1s timer for assoc
D (6289) wifi:recv assoc: type=0x10
D (6289) wifi:filter: set rx policy=6
I (6289) wifi:state: assoc -> run (10)
I (6289) wpa: wpa2_task prio:2, stack:6656

D (6299) wifi:start 30s connect timer for 4 way handshake
D (6359) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

I (6369) example: ~~~~~~~~~~~
I (6369) example: IP:0.0.0.0
I (6369) example: MASK:0.0.0.0
I (6369) example: GW:0.0.0.0
I (6369) example: ~~~~~~~~~~~
D (6459) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6559) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6669) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6769) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6869) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (6969) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (7079) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (7189) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (7279) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

I (7349) wpa: >>>>>wpa2 FAILED

D (7359) wifi:recv deauth, reason=0x17
I (7359) wifi:state: run -> init (17c0)
D (7359) wifi:recv deauth/disassoc, stop beacon/connect timer
D (7359) wifi:connect status 1 -> 2
D (7359) wifi:add bssid e4:95:6e:41:b3:dc to blacklist, cnt=0
D (7369) wifi:stop CSA timer
D (7369) wifi:remove e4:95:6e:41:b3:dc from rc list
I (7369) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1
D (7379) wifi:filter: set rx policy=8
D (7379) wifi:sta leave
D (7389) wifi:stop CSA timer
D (7389) wifi:remove 00:00:00:00:00:00 from rc list
I (7389) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1
D (7399) wifi:filter: set rx policy=8
D (7399) wifi:Send disconnect event, reason=23, AP number=0
D (7409) wifi:Start wifi connect
D (7409) wifi:connect status 2 -> 0
D (7409) wifi:connect chan=0
D (7419) wifi:first chan=11
D (7419) wifi:connect status 0 -> 1
D (7419) wifi:filter: set rx policy=3
D (7429) wifi:clear scan ap list
D (7429) wifi:start scan: type=0x50f, priority=2, cb=0x4010b0a4, arg=0x0, ss_state=0x1, time=7065752, index=0
0x4010b0a4: cnx_start_handoff_cb at ??:?

esp32正常log输出（v4.4）

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0030,len:6872
load:0x40078000,len:14216
load:0x40080400,len:3684
entry 0x40080674
I (27) boot: ESP-IDF v4.4-dev-744-g1cb31e509-dirty 2nd stage bootloader
I (27) boot: compile time 16:44:44
I (28) boot: chip revision: 1
I (32) boot_comm: chip revision: 1, min. bootloader chip revision: 0
I (39) boot.esp32: SPI Speed      : 80MHz
I (43) boot.esp32: SPI Mode       : DIO
I (48) boot.esp32: SPI Flash Size : 4MB
I (52) boot: Enabling RNG early entropy source...
I (58) boot: Partition Table:
I (61) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 00009000 00006000
I (76) boot:  1 phy_init         RF data          01 01 0000f000 00001000
I (84) boot:  2 factory          factory app      00 00 00010000 00100000
I (91) boot: End of partition table
I (95) boot_comm: chip revision: 1, min. application chip revision: 0
I (102) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=1bf0ch (114444) map
I (147) esp_image: segment 1: paddr=0002bf34 vaddr=3ffb0000 size=040e4h ( 16612) load
I (153) esp_image: segment 2: paddr=00030020 vaddr=400d0020 size=8b824h (571428) map
I (335) esp_image: segment 3: paddr=000bb84c vaddr=3ffb40e4 size=0018ch (   396) load
I (335) esp_image: segment 4: paddr=000bb9e0 vaddr=40080000 size=159c8h ( 88520) load
I (373) esp_image: segment 5: paddr=000d13b0 vaddr=50000000 size=00010h (    16) load
I (385) boot: Loaded app from partition at offset 0x10000
I (385) boot: Disabling RNG early entropy source...
I (397) cpu_start: Pro cpu up.
I (397) cpu_start: Starting app cpu, entry point is 0x40081224
0x40081224: call_start_cpu1 at /home/kelly/sambaShare/workspace/esp-new/esp-idf/components/esp_system/port/cpu_start.c:158

I (0) cpu_start: App cpu up.
I (411) cpu_start: Pro cpu start user code
I (411) cpu_start: cpu freq: 160000000
I (411) cpu_start: Application information:
I (416) cpu_start: Project name:     wpa2-enterprise
I (421) cpu_start: App version:      1
I (426) cpu_start: Compile time:     Apr  5 2021 16:44:42
I (432) cpu_start: ELF file SHA256:  e31367a6712f4f00...
I (438) cpu_start: ESP-IDF:          v4.4-dev-744-g1cb31e509-dirty
I (445) heap_init: Initializing. RAM available for dynamic allocation:
I (452) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (458) heap_init: At 3FFB8048 len 00027FB8 (159 KiB): DRAM
I (464) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (471) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (477) heap_init: At 400959C8 len 0000A638 (41 KiB): IRAM
I (484) spi_flash: detected chip: generic
I (488) spi_flash: flash io: dio
I (493) sleep: Configure to isolate all GPIO pins in sleep state
I (499) sleep: Enable automatic switching of GPIO sleep configuration
I (506) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (602) wifi:wifi driver task: 3ffc16f8, prio:23, stack:6656, core=0
I (602) system_api: Base MAC address is not set
I (602) system_api: read default base MAC address from EFUSE
I (622) wifi:wifi firmware version: 4809a2e
I (622) wifi:wifi certification version: v7.0
I (622) wifi:config NVS flash: enabled
I (622) wifi:config nano formating: disabled
I (622) wifi:Init data frame dynamic rx buffer num: 32
I (632) wifi:Init management frame dynamic rx buffer num: 32
I (632) wifi:Init management short buffer num: 32
I (642) wifi:Init dynamic tx buffer num: 32
I (642) wifi:Init static rx buffer size: 1600
I (652) wifi:Init static rx buffer num: 10
I (652) wifi:Init dynamic rx buffer num: 32
I (662) wifi_init: rx ba win: 6
I (662) wifi_init: tcpip mbox: 32
I (662) wifi_init: udp mbox: 6
I (672) wifi_init: tcp mbox: 6
I (672) wifi_init: tcp tx win: 5744
I (672) wifi_init: tcp rx win: 5744
I (682) wifi_init: tcp mss: 1436
I (682) wifi_init: WiFi IRAM OP enabled
I (692) wifi_init: WiFi RX IRAM OP enabled
I (692) example: Setting WiFi configuration SSID 0-radius...
I (702) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
W (712) phy_init: failed to load RF calibration data (0xffffffff), falling back to full calibration
I (912) wifi:mode : sta (98:f4:ab:0b:24:84)
I (912) wifi:enable tsf
I (2132) wifi:new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1
I (2852) wifi:state: init -> auth (b0)
I (2852) wifi:state: auth -> assoc (0)
I (2862) wifi:state: assoc -> run (10)
I (4042) wifi:connected with 0-radius, aid = 1, channel 11, BW20, bssid = e4:95:6e:41:b3:dc
I (4052) wifi:security: WPA2-ENT, phy: bgn, rssi: -15
I (4052) wifi:pm start, type: 1

I (4092) wifi:AP's beacon interval = 102400 us, DTIM period = 2
I (4912) example: ~~~~~~~~~~~
I (4912) example: IP:0.0.0.0
I (4912) example: MASK:0.0.0.0
I (4912) example: GW:0.0.0.0
I (4912) example: ~~~~~~~~~~~
I (6912) example: ~~~~~~~~~~~
I (6912) example: IP:0.0.0.0
I (6912) example: MASK:0.0.0.0
I (6912) example: GW:0.0.0.0
I (6912) example: ~~~~~~~~~~~
W (7092) wifi:<ba-add>idx:0 (ifx:0, e4:95:6e:41:b3:dc), tid:0, ssn:1, winSize:64
I (8092) esp_netif_handlers: sta ip: 192.168.1.194, mask: 255.255.255.0, gw: 192.168.1.1
I (8912) example: ~~~~~~~~~~~
I (8912) example: IP:192.168.1.194
I (8912) example: MASK:255.255.255.0
I (8912) example: GW:192.168.1.1
I (8912) example: ~~~~~~~~~~~

服务器端输出log（重复连接失败）

Mon Apr  5 09:28:51 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: authenticated
Mon Apr  5 09:28:51 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: associated (aid 1)
Mon Apr  5 09:28:51 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 09:28:51 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 09:28:51 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 09:28:51 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 09:28:52 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-FAILURE2 98:f4:ab:0b:24:84
Mon Apr  5 09:28:52 2021 daemon.warn hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
Mon Apr  5 09:28:54 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: authenticated
Mon Apr  5 09:28:54 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: associated (aid 1)
Mon Apr  5 09:28:54 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 09:28:54 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 09:28:54 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 09:28:54 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 09:28:55 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-FAILURE2 98:f4:ab:0b:24:84
Mon Apr  5 09:28:55 2021 daemon.warn hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)

服务器端输出log（正常连接）

Mon Apr  5 08:49:59 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: authenticated
Mon Apr  5 08:49:59 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.11: associated (aid 1)
Mon Apr  5 08:49:59 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 08:49:59 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 08:49:59 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED 98:f4:ab:0b:24:84
Mon Apr  5 08:49:59 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  5 08:50:00 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-SUCCESS2 98:f4:ab:0b:24:84
Mon Apr  5 08:50:00 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 WPA: pairwise key handshake completed (RSN)
Mon Apr  5 08:50:00 2021 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 98:f4:ab:0b:24:84
Mon Apr  5 08:50:00 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 RADIUS: starting accounting session 4FD18DAE5004CB60
Mon Apr  5 08:50:00 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPDISCOVER(br-lan) 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPOFFER(br-lan) 192.168.1.194 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPDISCOVER(br-lan) 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPOFFER(br-lan) 192.168.1.194 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPDISCOVER(br-lan) 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPOFFER(br-lan) 192.168.1.194 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPDISCOVER(br-lan) 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPOFFER(br-lan) 192.168.1.194 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPREQUEST(br-lan) 192.168.1.194 98:f4:ab:0b:24:84
Mon Apr  5 08:50:03 2021 daemon.info dnsmasq-dhcp[1440]: DHCPACK(br-lan) 192.168.1.194 98:f4:ab:0b:24:84 espressif

正常连接和失败的服务器端log主要区分是，连接失败没有这一条log输出：

Mon Apr 5 08:50:00 2021 daemon.info hostapd: wlan0: STA 98:f4:ab:0b:24:84 WPA: pairwise key handshake completed (RSN)

问题补充

我翻阅了近几年idf的issue，wpa2的问题出现频率很高，我尝试了其中几个解决方法，例如 https://github.com/espressif/esp-idf/issues/4347#issuecomment-559504115 ，但都没有效果。相同的设备环境，我已经在v4.4上成功运行例程，但是两个版本间IDF的区别太大，无法简单的移植组件。如果你们已经在v4.4上成功修复了这个bug，请尽快更新到v3.3版本，或提供一个可用的补丁以满足我们客户的迫切需求。

[sagb2015]

@HeFeng1947 Is it possible for you to provide sniffer capture and certificates (if they are not confidential) Please also share hostapd configuration.

[HeFeng1947]

@HeFeng1947 Is it possible for you to provide sniffer capture and certificates (if they are not confidential) Please also share hostapd configuration.

Our authentication server is FreeRadius3, which is built into OpenWrt. I can just package the entire FreeRadius3 configuration and send it to you. If you have requirements, I can directly send my test router to you for testing.

[HeFeng1947]

freeradius3.zip

My wireless config：

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '0-radius'
        option encryption 'wpa2'
        option key 'goodlife'
        option auth_port '1812'
        option auth_server '192.168.1.1'

If you need more information, please let me know. This problem has caused our customers to be unable to access their network and has had a significant impact on our business. @sagb2015

[TianaESP]

Hi @HeFeng1947,

Thanks for the reporting. That would be really helpful if you could send the test router to us. Can you please contact our Shanghai office? We would ask our colleague to support with priority.

The email address: sales@espressif.com Please briefly describe the issue, including the GitHub ticket number, and tell us you already have communication with our WiFi team.

Thanks. Tiana

[sagb2015]

@HeFeng1947 Additionally for faster debugging (until we have to device), can you help with the following 1) Enable supplicant debugging => CONFIG_WPA_DEBUG_PRINT=y and provide the logs with v3.3 release (The flag is available on latest release/v3.3) 2) Test with master with CONFIG_WPA_MBEDTLS_CRYPTO=n. By default this flag is enabled on master. Please also keep CONFIG_WPA_DEBUG_PRINT=y.

[HeFeng1947]

@HeFeng1947 Additionally for faster debugging (until we have to device), can you help with the following

1. Enable supplicant debugging => CONFIG_WPA_DEBUG_PRINT=y and provide the logs with v3.3 release (The flag is available on latest release/v3.3)
2. Test with master with CONFIG_WPA_MBEDTLS_CRYPTO=n. By default this flag is enabled on master. Please also keep CONFIG_WPA_DEBUG_PRINT=y.

1. v3.3 Enable supplicant debugging => CONFIG_WPA_DEBUG_PRINT=y

   
   Toolchain path: /home/zsw/.espressif/tools/xtensa-esp32-elf/1.22.0-97-gc752ad5-5.2.0/xtensa-esp32-elf/bin/xtensa-esp32-elf-gcc
   Toolchain version: crosstool-ng-1.22.0-97-gc752ad5
   Compiler version: 5.2.0
   Python requirements from /home/zsw/esp/esp-idf/requirements.txt are satisfied.
   MONITOR
   ets Jun  8 2016 00:22:57

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) configsip: 0, SPIWP:0xee clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 mode:DIO, clock div:2 load:0x3fff0018,len:4 load:0x3fff001c,len:6760 load:0x40078000,len:12152 load:0x40080400,len:6664 entry 0x40080774 I (71) boot: Chip Revision: 1 I (71) boot_comm: chip revision: 1, min. bootloader chip revision: 0 I (39) boot: ESP-IDF v3.3.5-14-g7c8602753-dirty 2nd stage bootloader I (39) boot: compile time 11:14:25 I (39) boot: Enabling RNG early entropy source... I (45) boot: SPI Speed : 40MHz I (49) boot: SPI Mode : DIO I (53) boot: SPI Flash Size : 4MB I (57) boot: Partition Table: I (61) boot: ## Label Usage Type ST Offset Length I (68) boot: 0 nvs WiFi data 01 02 00009000 00006000 I (76) boot: 1 phy_init RF data 01 01 0000f000 00001000 I (83) boot: 2 factory factory app 00 00 00010000 00100000 I (90) boot: End of partition table I (95) boot_comm: chip revision: 1, min. application chip revision: 0 I (102) esp_image: segment 0: paddr=0x00010020 vaddr=0x3f400020 size=0x1b3e0 (111584) map I (150) esp_image: segment 1: paddr=0x0002b408 vaddr=0x3ffb0000 size=0x02fd4 ( 12244) load I (155) esp_image: segment 2: paddr=0x0002e3e4 vaddr=0x40080000 size=0x00400 ( 1024) load I (157) esp_image: segment 3: paddr=0x0002e7ec vaddr=0x40080400 size=0x01824 ( 6180) load I (168) esp_image: segment 4: paddr=0x00030018 vaddr=0x400d0018 size=0x6cb98 (445336) map I (331) esp_image: segment 5: paddr=0x0009cbb8 vaddr=0x40081c24 size=0x11f54 ( 73556) load I (373) boot: Loaded app from partition at offset 0x10000 I (373) boot: Disabling RNG early entropy source... I (374) cpu_start: cpu freq: 160 I (377) cpu_start: Pro cpu up. I (381) cpu_start: Application information: I (386) cpu_start: Project name: wpa2-enterprise I (392) cpu_start: App version: v3.3.5-14-g7c8602753-dirty I (398) cpu_start: Compile time: Apr 19 2021 11:14:21 I (404) cpu_start: ELF file SHA256: 6ea7a67254d457da... I (410) cpu_start: ESP-IDF: v3.3.5-14-g7c8602753-dirty I (417) cpu_start: Starting app cpu, entry point is 0x40081170 I (0) cpu_start: App cpu up. I (427) heap_init: Initializing. RAM available for dynamic allocation: I (434) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM I (440) heap_init: At 3FFB8720 len 000278E0 (158 KiB): DRAM I (447) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM I (453) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM I (459) heap_init: At 40093B78 len 0000C488 (49 KiB): IRAM I (466) cpu_start: Pro cpu start user code I (148) cpu_start: Starting scheduler on PRO CPU. I (0) cpu_start: Starting scheduler on APP CPU.v2.0 wifi:wifi driver task: 3ffc031c, prio:23, stack:3584, core=0 I (221) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE I (221) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSEv2.0 wifi:wifi firmware version: dc30037 I (261) wifi:config NVS flash: enabled I (261) wifi:config nano formating: disabled I (261) wifi:Init data frame dynamic rx buffer num: 32 I (261) wifi:Init management frame dynamic rx buffer num: 32 I (271) wifi:Init management short buffer num: 32 I (271) wifi:Init dynamic tx buffer num: 32 I (281) wifi:Init static rx buffer size: 1600 I (281) wifi:Init static rx buffer num: 10 I (281) wifi:Init dynamic rx buffer num: 32 I (291) wifi_init: rx ba win: 6 I (291) wifi_init: tcpip mbox: 32 I (301) wifi_init: udp mbox: 6 I (301) wifi_init: tcp mbox: 6 I (301) wifi_init: tcp tx win: 5744 I (311) wifi_init: tcp rx win: 5744 I (311) wifi_init: tcp mss: 1440 I (321) wifi_init: WiFi IRAM OP enabled I (321) wifi_init: WiFi RX IRAM OP enabled I (321) example: Setting WiFi configuration SSID 0-radius...v2.0 wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable

I (341) phy_init: phy_version 4660,0162888,Dec 23 2020 I (441) wifi:mode : sta (8c:aa:b5:b2:58:3c) I (1661) wifi:new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1 I (2641) wifi:state: init -> auth (b0) I (2671) wifi:state: auth -> assoc (0) I (2671) wifi:state: assoc -> run (10) I (2671) wpa: wpa2_task prio:2, stack:6656

I (3711) wpa: >>>>>wpa2 FAILED

I (3721) wifi:state: run -> init (17c0) I (3721) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1 I (4441) example: ~~~ I (4441) example: IP:0.0.0.0 I (4441) example: MASK:0.0.0.0 I (4441) example: GW:0.0.0.0 I (4441) example: ~~~ I (5781) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1 I (5781) wifi:state: init -> auth (b0) I (5791) wifi:state: auth -> assoc (0) I (5791) wifi:state: assoc -> run (10) I (5791) wpa: wpa2_task prio:2, stack:6656

I (6441) example: ~~~ I (6441) example: IP:0.0.0.0 I (6441) example: MASK:0.0.0.0 I (6441) example: GW:0.0.0.0 I (6441) example: ~~~ I (6841) wpa: >>>>>wpa2 FAILED

I (6861) wifi:state: run -> init (17c0) I (6861) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1 I (8441) example: ~~~ I (8441) example: IP:0.0.0.0 I (8441) example: MASK:0.0.0.0 I (8441) example: GW:0.0.0.0 I (8441) example: ~~~ I (8921) wifi:new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1 I (8921) wifi:state: init -> auth (b0) I (8931) wifi:state: auth -> assoc (0) I (8931) wifi:state: assoc -> run (10) I (8931) wpa: wpa2_task prio:2, stack:6656

I (9971) wpa: >>>>>wpa2 FAILED

2. master（v4.4） CONFIG_WPA_MBEDTLS_CRYPTO=n

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) configsip: 0, SPIWP:0xee clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 mode:DIO, clock div:2 load:0x3fff0030,len:6720 load:0x40078000,len:14224 load:0x40080400,len:3688 entry 0x40080678 I (27) boot: ESP-IDF v4.4-dev-744-g1cb31e509-dirty 2nd stage bootloader I (27) boot: compile time 11:04:24 I (28) boot: chip revision: 1 I (31) boot_comm: chip revision: 1, min. bootloader chip revision: 0 I (39) boot.esp32: SPI Speed : 40MHz I (43) boot.esp32: SPI Mode : DIO I (48) boot.esp32: SPI Flash Size : 2MB I (52) boot: Enabling RNG early entropy source... I (58) boot: Partition Table: I (61) boot: ## Label Usage Type ST Offset Length I (68) boot: 0 nvs WiFi data 01 02 00009000 00006000 I (76) boot: 1 phy_init RF data 01 01 0000f000 00001000 I (83) boot: 2 factory factory app 00 00 00010000 00100000 I (91) boot: End of partition table I (95) boot_comm: chip revision: 1, min. application chip revision: 0 I (102) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=186a0h (100000) map I (149) esp_image: segment 1: paddr=000286c8 vaddr=3ffb0000 size=0413ch ( 16700) load I (156) esp_image: segment 2: paddr=0002c80c vaddr=40080000 size=0380ch ( 14348) load I (162) esp_image: segment 3: paddr=00030020 vaddr=400d0020 size=839ech (539116) map I (366) esp_image: segment 4: paddr=000b3a14 vaddr=4008380c size=1218ch ( 74124) load I (398) esp_image: segment 5: paddr=000c5ba8 vaddr=50000000 size=00010h ( 16) load I (410) boot: Loaded app from partition at offset 0x10000 I (410) boot: Disabling RNG early entropy source... I (422) cpu_start: Pro cpu up. I (422) cpu_start: Starting app cpu, entry point is 0x40081304 I (0) cpu_start: App cpu up. I (436) cpu_start: Pro cpu start user code I (436) cpu_start: cpu freq: 160000000 I (436) cpu_start: Application information: I (441) cpu_start: Project name: wpa2-enterprise I (446) cpu_start: App version: v4.4-dev-744-g1cb31e509-dirty I (453) cpu_start: Compile time: Apr 19 2021 11:26:30 I (459) cpu_start: ELF file SHA256: 3631f6562d30679c... I (465) cpu_start: ESP-IDF: v4.4-dev-744-g1cb31e509-dirty I (472) heap_init: Initializing. RAM available for dynamic allocation: I (479) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM I (485) heap_init: At 3FFB7E20 len 000281E0 (160 KiB): DRAM I (492) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM I (498) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM I (504) heap_init: At 40095998 len 0000A668 (41 KiB): IRAM I (512) spi_flash: detected chip: generic I (515) spi_flash: flash io: dio W (519) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header. I (533) cpu_start: Starting scheduler on PRO CPU. I (0) cpu_start: Starting scheduler on APP CPU. I (629) wifi:wifi driver task: 3ffc1a2c, prio:23, stack:6656, core=0 I (629) system_api: Base MAC address is not set I (629) system_api: read default base MAC address from EFUSE I (649) wifi:wifi firmware version: 4809a2e I (649) wifi:wifi certification version: v7.0 I (649) wifi:config NVS flash: enabled I (649) wifi:config nano formating: disabled I (659) wifi:Init data frame dynamic rx buffer num: 32 I (659) wifi:Init management frame dynamic rx buffer num: 32 I (669) wifi:Init management short buffer num: 32 I (669) wifi:Init dynamic tx buffer num: 32 I (679) wifi:Init static rx buffer size: 1600 I (679) wifi:Init static rx buffer num: 10 I (679) wifi:Init dynamic rx buffer num: 32 I (689) wifi_init: rx ba win: 6 I (689) wifi_init: tcpip mbox: 32 I (689) wifi_init: udp mbox: 6 I (699) wifi_init: tcp mbox: 6 I (699) wifi_init: tcp tx win: 5744 I (709) wifi_init: tcp rx win: 5744 I (709) wifi_init: tcp mss: 1440 I (709) wifi_init: WiFi IRAM OP enabled I (719) wifi_init: WiFi RX IRAM OP enabled I (719) example: Setting WiFi configuration SSID 0-radius... I (729) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07 I (839) wifi:mode : sta (8c:aa:b5:b2:58:3c) I (839) wifi:enable tsf I (2059) wifi:new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1 I (3029) wifi:state: init -> auth (b0) I (3039) wifi:state: auth -> assoc (0) I (3049) wifi:state: assoc -> run (10) I (3829) wifi:connected with 0-radius, aid = 1, channel 11, BW20, bssid = e4:95:6e:41:b3:dc I (3829) wifi:security: WPA2-ENT, phy: bgn, rssi: -47 I (3829) wifi:pm start, type: 1

I (3889) wifi:AP's beacon interval = 102400 us, DTIM period = 2 I (4619) esp_netif_handlers: sta ip: 192.168.1.211, mask: 255.255.255.0, gw: 192.168.1.1 I (4839) example: ~~~ I (4839) example: IP:192.168.1.211 I (4839) example: MASK:255.255.255.0 I (4839) example: GW:192.168.1.1 I (4839) example: ~~~ I (6839) example: ~~~ I (6839) example: IP:192.168.1.211 I (6839) example: MASK:255.255.255.0 I (6839) example: GW:192.168.1.1 I (6839) example: ~~~

3. master（v4.4）CONFIG_WPA_MBEDTLS_CRYPTO=y

rst:0x1 (POWERON_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT) configsip: 0, SPIWP:0xee clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00 mode:DIO, clock div:2 load:0x3fff0030,len:6720 load:0x40078000,len:14224 load:0x40080400,len:3688 entry 0x40080678 I (26) boot: ESP-IDF v4.4-dev-744-g1cb31e509-dirty 2nd stage bootloader I (27) boot: compile time 11:04:24 I (28) boot: chip revision: 1 I (31) boot_comm: chip revision: 1, min. bootloader chip revision: 0 I (39) boot.esp32: SPI Speed : 40MHz I (43) boot.esp32: SPI Mode : DIO I (48) boot.esp32: SPI Flash Size : 2MB I (52) boot: Enabling RNG early entropy source... I (58) boot: Partition Table: I (61) boot: ## Label Usage Type ST Offset Length I (68) boot: 0 nvs WiFi data 01 02 00009000 00006000 I (76) boot: 1 phy_init RF data 01 01 0000f000 00001000 I (83) boot: 2 factory factory app 00 00 00010000 00100000 I (91) boot: End of partition table I (95) boot_comm: chip revision: 1, min. application chip revision: 0 I (102) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=1b358h (111448) map I (153) esp_image: segment 1: paddr=0002b380 vaddr=3ffb0000 size=04190h ( 16784) load I (160) esp_image: segment 2: paddr=0002f518 vaddr=40080000 size=00b00h ( 2816) load I (161) esp_image: segment 3: paddr=00030020 vaddr=400d0020 size=8ca44h (576068) map I (384) esp_image: segment 4: paddr=000bca6c vaddr=40080b00 size=14e98h ( 85656) load I (421) esp_image: segment 5: paddr=000d190c vaddr=50000000 size=00010h ( 16) load I (433) boot: Loaded app from partition at offset 0x10000 I (433) boot: Disabling RNG early entropy source... I (445) cpu_start: Pro cpu up. I (445) cpu_start: Starting app cpu, entry point is 0x40081304 I (0) cpu_start: App cpu up. I (459) cpu_start: Pro cpu start user code I (459) cpu_start: cpu freq: 160000000 I (459) cpu_start: Application information: I (464) cpu_start: Project name: wpa2-enterprise I (469) cpu_start: App version: v4.4-dev-744-g1cb31e509-dirty I (476) cpu_start: Compile time: Apr 19 2021 11:11:14 I (482) cpu_start: ELF file SHA256: dde9b63e7c7f0ad8... I (488) cpu_start: ESP-IDF: v4.4-dev-744-g1cb31e509-dirty I (495) heap_init: Initializing. RAM available for dynamic allocation: I (502) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM I (509) heap_init: At 3FFB7F68 len 00028098 (160 KiB): DRAM I (515) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM I (521) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM I (528) heap_init: At 40095998 len 0000A668 (41 KiB): IRAM I (535) spi_flash: detected chip: generic I (538) spi_flash: flash io: dio W (542) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the size in the binary image header. I (557) cpu_start: Starting scheduler on PRO CPU. I (0) cpu_start: Starting scheduler on APP CPU. I (653) wifi:wifi driver task: 3ffc1af0, prio:23, stack:6656, core=0 I (653) system_api: Base MAC address is not set I (653) system_api: read default base MAC address from EFUSE I (673) wifi:wifi firmware version: 4809a2e I (673) wifi:wifi certification version: v7.0 I (673) wifi:config NVS flash: enabled I (673) wifi:config nano formating: disabled I (683) wifi:Init data frame dynamic rx buffer num: 32 I (683) wifi:Init management frame dynamic rx buffer num: 32 I (693) wifi:Init management short buffer num: 32 I (693) wifi:Init dynamic tx buffer num: 32 I (703) wifi:Init static rx buffer size: 1600 I (703) wifi:Init static rx buffer num: 10 I (703) wifi:Init dynamic rx buffer num: 32 I (713) wifi_init: rx ba win: 6 I (713) wifi_init: tcpip mbox: 32 I (713) wifi_init: udp mbox: 6 I (723) wifi_init: tcp mbox: 6 I (723) wifi_init: tcp tx win: 5744 I (733) wifi_init: tcp rx win: 5744 I (733) wifi_init: tcp mss: 1440 I (733) wifi_init: WiFi IRAM OP enabled I (743) wifi_init: WiFi RX IRAM OP enabled I (743) example: Setting WiFi configuration SSID 0-radius... I (753) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07 W (763) phy_init: failed to load RF calibration data (0xffffffff), falling back to full calibration I (1073) wifi:mode : sta (8c:aa:b5:b2:58:3c) I (1073) wifi:enable tsf I (2293) wifi:new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1 I (3203) wifi:state: init -> auth (b0) I (3213) wifi:state: auth -> assoc (0) I (3223) wifi:state: assoc -> run (10) I (4563) wifi:connected with 0-radius, aid = 1, channel 11, BW20, bssid = e4:95:6e:41:b3:dc I (4563) wifi:security: WPA2-ENT, phy: bgn, rssi: -46 I (4563) wifi:pm start, type: 1

I (4623) wifi:AP's beacon interval = 102400 us, DTIM period = 2 I (5073) example: ~~~ I (5073) example: IP:0.0.0.0 I (5073) example: MASK:0.0.0.0 I (5073) example: GW:0.0.0.0 I (5073) example: ~~~ I (5143) esp_netif_handlers: sta ip: 192.168.1.211, mask: 255.255.255.0, gw: 192.168.1.1 I (7073) example: ~~~ I (7073) example: IP:192.168.1.211 I (7073) example: MASK:255.255.255.0 I (7073) example: GW:192.168.1.1 I (7073) example: ~~~ I (9073) example: ~~~ I (9073) example: IP:192.168.1.211 I (9073) example: MASK:255.255.255.0 I (9073) example: GW:192.168.1.1 I (9073) example: ~~~ W (9753) wifi:idx:0 (ifx:0, e4:95:6e:41:b3:dc), tid:0, ssn:1, winSize:64 I (11073) example: ~~~ I (11073) example: IP:192.168.1.211 I (11073) example: MASK:255.255.255.0 I (11073) example: GW:192.168.1.1 I (11073) example: ~~~ I (13073) example: ~~~ I (13073) example: IP:192.168.1.211 I (13073) example: MASK:255.255.255.0

Hi @sagb2015 
From the log point of view, it is possible to connect to an AP whether it is turned on CONFIG_WPA_MBEDTLS_CRYPTO or not, but with CONFIG_WPA_MBEDTLS_CRYPTO= N, the connection is faster

[HeFeng1947]

Hi @HeFeng1947,

Thanks for the reporting. That would be really helpful if you could send the test router to us. Can you please contact our Shanghai office? We would ask our colleague to support with priority.

The email address: sales@espressif.com Please briefly describe the issue, including the GitHub ticket number, and tell us you already have communication with our WiFi team.

Thanks. Tiana

hi @TianaESP , I have sent the email and I am waiting for your reply！

[sagb2015]

Hi @HeFeng1947 , please try with the following in the radius config that your shared (mods-available/eap). We do not have support for TLS v1.2 on IDF v3.3.

 disable_tlsv1_2 = no
 disable_tlsv1_1 = no
 disable_tlsv1 = no
 tls_min_version = "1.0"

[HeFeng1947]

Hi @HeFeng1947 , please try with the following in the radius config that your shared (mods-available/eap). We do not have support for TLS v1.2 on IDF v3.3.

 disable_tlsv1_2 = no
 disable_tlsv1_1 = no
 disable_tlsv1 = no
 tls_min_version = "1.0"

Why not support TLS1.2? Do you have any plans to add this feature? If we need to add this support, what files need to be modified?

[hpdhabe]

Hi @HeFeng1947 , Can you please tryout the attached path that adds support for TLS1.2 and let us know if this works. The patch was build upon the latest commit of release/v3.3 7c86027 and is also tested to be directly applicable on the commit (https://github.com/espressif/esp-idf/commit/bf022060964128556b3d3205b65c5d35df9beef6) that you have mentioned.

patch.zip

[sagb2015]

@HeFeng1947 We do have support for TLS1.2, but from v4.0 onwards. We do not intend to backport it onto 3.3 since the release is in maintenance only phase (Reference here).

[HeFeng1947]

Hi @HeFeng1947 , Can you please tryout the attached path that adds support for TLS1.2 and let us know if this works. The patch was build upon the latest commit of release/v3.3 7c86027 and is also tested to be directly applicable on the commit (bf02206) that you have mentioned.

patch.zip

Thank you very much! We will test it and give you feedback as soon as possible.

[HeFeng1947]

I have completed the test in Demo and it works perfect! Thank you very much!! @sagb2015 @hpdhabe @TianaESP

[sagb2015]

Good to know! Feel free to reopen if you need any other help.