[Bug 1026807] New: TLS: Unsupported Phase2 EAP method 'mschapv2'
http://bugzilla.suse.com/show_bug.cgi?id=1026807 Bug ID: 1026807 Summary: TLS: Unsupported Phase2 EAP method 'mschapv2' Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: nadvornik@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 715406 --> http://bugzilla.suse.com/attachment.cgi?id=715406&action=edit /etc/sysconfig/network/ifcfg-wlan0 I have wifi configured using wicked and legacy configuration in /etc/sysconfig/network/ifcfg-wlan0. I have updated to current tumbleweed after several months and this configuration stopped working. I got this error in /var/log/wpa_supplicant.log: wlan0: Associated with 84:d4:7e:e0:78:10 wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 TLS: Unsupported Phase2 EAP method 'mschapv2' wlan0: EAP: Failed to initialize EAP method: vendor 0 method 25 (PEAP) wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 EAP-TLS: Private key not configured wlan0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS) After downgrade to wpa_supplicant-2.5 it works again. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Chenzi Cao
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c1
Srinidhi B S
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c2
Karol Babioch
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c3
Karol Babioch
EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
This patch fixes an issue with an invalid phase2 parameter value auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could degrade security (though, only within a protected TLS tunnel). Now when invalid or unsupported auth= phase2 parameter combinations are specified, EAP-TTLS initialization throws an error instead of silently doing something.
More then one auth= phase2 type cannot be specified and also both auth= and autheap= options cannot be specified.
Parsing phase2 type is case sensitive (as in other EAP parts), so phase2 parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.
Signed-off-by: Pali Rohár
[Use cstr_token() to get rid of unnecessary allocation; cleanup] Signed-off-by: Jouni Malinen
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Karol Babioch
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c4
--- Comment #4 from Karol Babioch
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Rubén Torrero Marijnissen
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c5
--- Comment #5 from Karol Babioch
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c6
Marius Tomaschewski
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c7
--- Comment #7 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c10
Karol Babioch
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Andreas Taschner
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c12
--- Comment #12 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c13
--- Comment #13 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c14
--- Comment #14 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c15
--- Comment #15 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c16
--- Comment #16 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c17
--- Comment #17 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1026807
http://bugzilla.suse.com/show_bug.cgi?id=1026807#c18
--- Comment #18 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com