[prev in list] [next in list] [prev in thread] [next in thread] 

List:       hostap
Subject:    Re: Problems with EAP-TTLS/EAP-TLS
From:       Carolin Latze <carolin.latze () unifr ! ch>
Date:       2008-10-24 12:36:19
Message-ID: 4901C143.80307 () unifr ! ch
[Download RAW message or body]

Sjors Gielen wrote:
> Carolin Latze wrote:
>   
>> That gives more or less the same error. But I think that cannot be the
>> solution anyway since EAP-TTLS should not require client authentication
>> from what I know about EAP-TTLS, but I might be wrong. But I also think
>> the problem lies in the order of the statements.
>>
>> I have another more general question: Does the EAP-TTLS module call the
>> EAP-TLS module? I mean it seems, that it works like that since I see my
>> old debug messages but is that really correct?
>>     
>
> Oops, missed this. According to this line in your wpa_supplicant.conf:
>         phase2="autheap=TLS"
> It does ;) Change that to
>         phase2="autheap=MD5"
> or
>         phase2="autheap=MSCHAPV2"
> (or something similar) and it will probably work :)
>   

Tried that and still get

OpenSSL: tls_connection_engine_private_key - Private key failed 
verification error:140A30B1:SSL routines:SSL_check_private_key:no 
certificate assigned

:) But anyway, I really would like to have EAP-TTLS/EAP-TLS, which means 
to have mutual authentication inside a tunnel established with server 
authentication. Do you think that is possible?

Regards and Thanks for all those hints!
Carolin

-- 
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30
homepage: http://diuf.unifr.ch/people/latzec


_______________________________________________
HostAP mailing list
HostAP@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap

[prev in list] [next in list] [prev in thread] [next in thread]