Martin Draexler
2006-11-17 08:29:28 UTC
I am trying to use my eToken to connect to a WPA/802.1x encrypted network.
wpa_supplicant is configured to use engine-pkcs#11 as follows:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=admin
eapol_version=1
ap_scan=2
fast_reauth=1
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/local/lib/libetpkcs11.so
network={
    ssid="802.1X"
    key_mgmt=WPA-EAP
    eap=TLS
    proto=RSN
    pairwise=CCMP TKIP
    group=CCMP TKIP
    identity="***@uni-paderborn.de"
    #identity="0:0c69907ab04c0fe4274dd3db3d86567b40c01f37"
    ca_cert="/etc/cert/ca.pem"
    client_cert="/etc/cert/draexler.pem"
    engine=1
    # The engine configured here must be available. Look at
    # OpenSSL engine support in the global section.
    # The key available through the engine must be the private key
    # matching the client certificate configured above.
    # use the opensc engine
    #engine_id="opensc"
    #key_id="45"
    # use the pkcs11 engine
    engine_id="pkcs11"
    key_id="0:0c69907ab04c0fe4274dd3db3d86567b40c01f37"
    # Optional PIN configuration; this can be left out and PIN will be
    # asked through the control interface
    pin="TOPSECRET"
}
But if I start wpa_supplicant I get the following errors:
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
Associated with 00:0b:85:26:19:61
CTRL-EVENT-EAP-STARTED EAP authentication started
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
could not parse string!
supported formats: <id>, <slot>:<id>, id_<id>, slot_<slot>-id_<id>
where <slot> is the slot number as normal integer,
and <id> is the id number as hex string.
PKCS11_get_private_key returned NULL
ENGINE: cannot load private key with id '0:0c69907ab04c0fe4274dd3db3d86567b40c01f37' [error:26096080:engine routines:ENGINE_load_private_key:failed loading private key]
CTRL-EVENT-EAP-METHOD EAP method 13 (TLS) selected
SSL: SSL3 alert: read (remote end reported an error):fatal:handshake failure
OpenSSL: tls_connection_handshake - SSL_connect error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-EAP-STARTED EAP authentication started
TLS - SSL error: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
ENGINE: Smartcard PIN not set
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
CTRL-REQ-PIN-0:PIN needed for SSID 802.1X
EAP: Failed to initialize EAP method 13 (TLS)
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
Associated with 00:0b:85:26:37:9e
CTRL-EVENT-EAP-STARTED EAP authentication started
TLS - SSL error: error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
ENGINE: Smartcard PIN not set
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
CTRL-REQ-PIN-0:PIN needed for SSID 802.1X
EAP: Failed to initialize EAP method 13 (TLS)
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with SSID '802.1X'
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-TERMINATING - signal 2 received
Anyone any idea???
Thanks, Martin Draexler
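
Added example (not part of the original post, and not engine_pkcs11's own code): a C check of a key_id string against the four formats listed in the "supported formats" error output above. It implements only that printed grammar, so the engine's own parser may apply limits the message does not show; the names parse_key_id and key_ref are made up for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct key_ref {
    long slot;        /* -1 when the string names no slot */
    const char *id;   /* first hex digit of the id, inside the input */
    size_t id_digits; /* number of hex digits in the id */
};

/* Accept a non-empty, all-hex tail as the id. */
static int take_id(const char *s, struct key_ref *out) {
    size_t n = 0;
    while (isxdigit((unsigned char)s[n])) n++;
    if (n == 0 || s[n] != '\0') return -1;
    out->id = s;
    out->id_digits = n;
    return 0;
}

/* Return 0 and fill *out if s matches one of the four printed forms. */
int parse_key_id(const char *s, struct key_ref *out) {
    size_t d;
    out->slot = -1; out->id = NULL; out->id_digits = 0;
    if (s == NULL) return -1;
    if (strncmp(s, "id_", 3) == 0)                /* id_<id> */
        return take_id(s + 3, out);
    if (strncmp(s, "slot_", 5) == 0) {            /* slot_<slot>-id_<id> */
        s += 5;
        d = strspn(s, "0123456789");
        if (d == 0 || strncmp(s + d, "-id_", 4) != 0) return -1;
        out->slot = strtol(s, NULL, 10);
        return take_id(s + d + 4, out);
    }
    d = strspn(s, "0123456789");
    if (d > 0 && s[d] == ':') {                   /* <slot>:<id> */
        out->slot = strtol(s, NULL, 10);
        return take_id(s + d + 1, out);
    }
    return take_id(s, out);                       /* bare <id> */
}

int main(void) {
    struct key_ref r; /* input below is the key_id quoted in the post */
    int rc = parse_key_id("0:0c69907ab04c0fe4274dd3db3d86567b40c01f37", &r);
    printf("rc=%d slot=%ld id_digits=%zu\n", rc, r.slot, r.id_digits);
    return rc == 0 ? 0 : 1;
}
```

Under the grammar as printed, the posted key_id is accepted as the <slot>:<id> form (slot 0, 40 hex digits), so the printed format list alone does not explain the rejection in the log.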