Mailinglist Archive: opensuse-bugs (6605 mails)

[Bug 532810] New: knm4 fails to connect to wpa eap if the supplied certificates are not trusted (self-signed)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 20 Aug 2009 06:12:22 -0600
  • Message-id: <bug-532810-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>
http://bugzilla.novell.com/show_bug.cgi?id=532810


Summary: knm4 fails to connect to wpa eap if the supplied certificates are not trusted (self-signed)
Classification: openSUSE
Product: openSUSE 11.2
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: KDE4 Applications
AssignedTo: kde-maintainers@xxxxxxx
ReportedBy: sven.burmeister@xxxxxxx
QAContact: qa@xxxxxxx
Found By: ---


Created an attachment (id=314246)
--> (http://bugzilla.novell.com/attachment.cgi?id=314246)
certificate chain

User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.2) Gecko/20090730 SUSE/3.5.2-2.4 Firefox/3.5.2

If one uses a certificate-chain, such as the one attached, knm4 fails to
connect.

wpa_supplicant log shows:

Trying to associate with 00:23:eb:0c:26:b0 (SSID='eduroam' freq=2412 MHz)
Association request to the driver failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Associated with 00:23:eb:0c:26:b0
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 3 for '/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

If one installs the Deutsche Telekom certificate into /etc/ssl/certs, it works.

Expected behaviour: if the user supplies a certificate chain, trust it.

If this is not a knm4 but a NetworkManager or openssl/wpa_supplicant issue,
please re-assign.

Reproducible: Always

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
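
The following Python example is added here and is not part of the original bug report or of wpa_supplicant. It re-joins wpa_supplicant log entries that were wrapped across lines, extracts each certificate verification failure, and maps the OpenSSL error code to the trust-anchor problem it indicates. The function names and the hint wording are assumptions of this example; the sample input is an excerpt of the log quoted in the report.

```python
import re

# OpenSSL X509 verify codes; the hint wording is this example's own.
HINTS = {
    18: "server certificate is self-signed: configure it as the trust anchor",
    19: "root CA arrived in the chain but is not trusted locally: "
        "set it as ca_cert or install it in the system store",
    20: "issuer certificate not found locally: the CA file is incomplete",
}

# Prefixes that begin a wpa_supplicant entry; other lines are wrapped tails.
ENTRY_START = re.compile(r"^(CTRL-EVENT-|TLS: |SSL: |OpenSSL: |Trying |Associat)")
VERIFY_FAIL = re.compile(
    r"^TLS: Certificate verification failed, error (?P<code>\d+) "
    r"\((?P<reason>[^)]*)\) depth (?P<depth>\d+) for '(?P<subject>[^']*)'")

def unwrap(text):
    """Re-join log entries that mail or terminal wrapping split up."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if entries and not ENTRY_START.match(line):
            entries[-1] += " " + line
        else:
            entries.append(line)
    return entries

def diagnose(text):
    """Return one finding per certificate verification failure."""
    findings = []
    for entry in unwrap(text):
        m = VERIFY_FAIL.match(entry)
        if m:
            code, depth = int(m["code"]), int(m["depth"])  # depth 0 = server cert
            findings.append({"code": code, "depth": depth, "reason": m["reason"],
                             "subject": m["subject"],
                             "hint": HINTS.get(code, "see the OpenSSL verify docs")})
    return findings

# Excerpt of the log quoted in the report, wrapped as it was in the mail.
SAMPLE = """CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in
certificate chain) depth 3 for '/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust
Center/CN=Deutsche Telekom Root CA 2'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f"error {f['code']} at depth {f['depth']} ({f['subject']}): {f['hint']}")
```
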
