[Bug 691384] New: Unable to connect using WPA-Enterprise PEAP with CA Root Certificate
https://bugzilla.novell.com/show_bug.cgi?id=691384 https://bugzilla.novell.com/show_bug.cgi?id=691384#c0 Summary: Unable to connect using WPA-Enterprise PEAP with CA Root Certificate Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: limguowei@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=427690) --> (http://bugzilla.novell.com/attachment.cgi?id=427690) wpa_supplicant log file User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.0) Gecko/20100101 Firefox/4.0 On OpenSUSE 11.4 KDE, the system is unable to connect to a WPA-Enterprise using PEAP with CA Root Certificate. Plasmoid-networkmanagement is used. WPA Supplicant log is as follows: OpenSSL: tls_connection_ca_cert - Failed to parse ca_cert_blob error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error KDE bugzilla has a related bug report here https://bugs.kde.org/show_bug.cgi?id=209673 Does not happen on GNOME Distriubtion Reproducible: Always Steps to Reproduce: 1.Select CA Root Certificate 2.Enter Credentials Actual Results: Fails to connect to WPA-Enterprise Protected Network Expected Results: Connects successfully to WPA-Enterprise Protected Network -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c1
Vladimir Botka
OpenSSL: tls_connection_ca_cert - Failed to parse ca_cert_blob error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Does not happen on GNOME Distriubtion
There must be something wrong with your CA settings. There is also another message from the wpa_supplicant [1]. But these messages comes from wpa_supplicant which doesn't depend on the desktop environment. To isolate the problem it would be good to get correct certificates and try to configure the wpa_supplicant in runlevel 3 first. [1] TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/C=SG/O=CIS/CN=SP Root Certificate Authority' CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=2 subject='/C=SG/O=CIS/CN=SP Root Certificate Authority' err='self signed certificate in certificate chain' SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed CTRL-EVENT-EAP-FAILURE EAP authentication failed -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c2
--- Comment #2 from GW Lim
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c4
Vladimir Botka
Using gnome's nm-applet it works perfect. Plasmoid-networkmanagement is still not working.
It would be good if the KDE maintainer took a look on it. I'm reassigning to kde-maintainers then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c5
Christian Trippe
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c6
--- Comment #6 from GW Lim
Can you try the NetworkManager-plasmoid from http://download.opensuse.org/repositories/KDE:/UpdatedApps/openSUSE_11.4/ ? Thanks!
It works! But unlike the nm-applet I cannot point it to the file directly. What I did was I used the install cert method in openssl http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl Then when selecting the certificate in plasmoid-network I checked used system certificate since I had installed it in the previous step. I still think we need to improve on the certificate handling part in KDE because not all users would be happy to use openssl to install the cert before they can use it. Thanks Anyway! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c7
Christian Trippe
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c8
--- Comment #8 from Justin Williams
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c9
Alin M Elena
https://bugzilla.novell.com/show_bug.cgi?id=691384
https://bugzilla.novell.com/show_bug.cgi?id=691384#c10
Jiaying ren
participants (1)
-
bugzilla_noreply@novell.com