Comment 8 for bug 284409

Kartoch (kartoch) wrote :

I'm not sure it's really solved.

If I try to connect with a fresh setup from the Network Manager GUI, it works, but /var/log/wpa_supplicant.log contains:

CTRL-EVENT-SCAN-RESULTS
Associated with 00:1e:be:a7:f6:90
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:1e:be:a7:f6:90 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:1e:be:a7:f6:90 completed (reauth) [id=0 id_str=]

So it seems it didn't succeed in validating the certificate... but it continues (dangerous)

If I try to update the settings, it doesn't work because of a self-certificate in the certificate chain:

Associated with 00:1e:be:a8:38:20
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

So my hypothesis is that we have two bugs:

- one with no validation of certificate when settings are new
- one with strange validation of root certificate (of course it's a self certificate! ;-)
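
A log triage sketch for the two excerpts above, added here as an example and not part of the original comment: it groups wpa_supplicant.log lines into EAP sessions and separates sessions rejected on certificate verification from sessions that reported success while TLS-layer messages were logged. The function name, the verdict labels and the use of the OpenSSL:/TLS:/SSL: prefixes as TLS-layer markers are assumptions.

```python
import re

# Constructed input: the two log excerpts from the comment above, joined.
SAMPLE_LOG = """\
CTRL-EVENT-SCAN-RESULTS
Associated with 00:1e:be:a7:f6:90
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:1e:be:a7:f6:90 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:1e:be:a7:f6:90 completed (reauth) [id=0 id_str=]
Associated with 00:1e:be:a8:38:20
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
"""

VERIFY_FAIL = re.compile(r"Certificate verification failed, error (\d+) \((.*?)\) depth (\d+)")
TLS_PREFIXES = ("OpenSSL:", "TLS:", "SSL:")  # assumption: these mark TLS-layer messages

def audit_eap_sessions(text):
    """Group log lines into EAP sessions and give each one a verdict."""
    sessions, cur, bssid = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Associated with "):
            bssid = line.split()[-1]
        elif line.startswith("CTRL-EVENT-EAP-STARTED"):
            cur = {"bssid": bssid, "tls_msgs": [], "verify_fail": None, "verdict": "incomplete"}
            sessions.append(cur)
        elif cur is None:
            continue  # line outside any EAP session
        elif line.startswith(TLS_PREFIXES):
            cur["tls_msgs"].append(line)
            if m := VERIFY_FAIL.search(line):
                cur["verify_fail"] = (int(m.group(1)), m.group(2), int(m.group(3)))
        elif line.startswith("CTRL-EVENT-EAP-SUCCESS"):
            # Success with TLS-layer messages in the same session: flag for manual review.
            cur["verdict"] = "review" if cur["tls_msgs"] else "ok"
            cur = None
        elif line.startswith("CTRL-EVENT-EAP-FAILURE"):
            cur["verdict"] = "rejected" if cur["verify_fail"] else "failed"
            cur = None
    return sessions
```

On the sample, the first session (00:1e:be:a7:f6:90) comes back as "review" and the second (00:1e:be:a8:38:20) as "rejected" with OpenSSL error 19 at depth 2.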