Ask / Submit
29

bug WPA2 Enterprise wpa_supplicant fails when server-cert is also client-cert (Radius-RadSec, eduroam) [released]

asked 2014-04-14 11:22:55 +0300

chemist gravatar image

updated 2014-07-23 12:21:42 +0300

Current version of wpa_supplicant fails when server certificate is also client certificate as a patch to prevent client certificates to be used did not check if it is actually a server certificate too.

http://patchwork.ozlabs.org/patch/320617/

Fixed in upstream.

Thanks go @Digital Brains for providing an undone version https://together.jolla.com/question/315/wpa2-pskaesothers-wifi-support-needed-workaround/?answer=38843#post-id-38843

UPDATE: For those whom installed the patched version - after 1.0.5.19 you need to reinstall the patched version as the release version gets pulled in again.

UPDATE2: For those whom installed the patched version - after 1.0.7.16 you need to reinstall the patched version as the release version gets pulled in again.

This applies to most/all eduroam servers (WPA2 Enterprise) as Radius cannot do RadSec without having both (client and server cert) http://en.wikipedia.org/wiki/RadSec

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by chemist
close date 2014-07-23 12:22:19.996388

Comments

Out of pure curiosity, was this bug filed at jolla yet?

ozzi ( 2014-04-15 15:20:44 +0300 )edit
2

@ozzi this here is "bug filed at jolla" - there is no other way than open a question in together.jolla.com and mark it as bug (there is no public bugtracker or anything)

chemist ( 2014-04-15 15:48:06 +0300 )edit
2

Hoping for Jolla to fix this soon, because it really breaks an important functionality (even if it might not be their fault). I agree with others, that unless you really need it, it will be better to wait for an official patch or Sailfish update.

@Jolla: is there any way you could rollout small urgent, optional or mandatory patches independently of your main update releases?

melg01 ( 2014-04-16 15:46:48 +0300 )edit
1

Thx for UPDATE2 I don't understand, that the new version is still buggy, it's an easy fix, that shouldn't have happend!

dafeujolla ( 2014-06-10 18:07:24 +0300 )edit

I will try the current release as soon as I have a new device - I will close this if it is working with our network (some people seem to misunderstand that they did not need this patch if the server-cert is not a client-cert too)

chemist ( 2014-07-21 00:15:32 +0300 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2014-07-18 18:21:47 +0300

javispedro gravatar image

updated 2014-07-18 18:22:09 +0300

Ever since 1.0.8.19 this seems have been fixed (or at least it works for me; it didn't work in 1.0.7). Is that the case for everyone?

edit flag offensive delete publish link more

Comments

not for me. before the up it worked with patched wpasupplicant. :(

NuklearFart ( 2014-07-18 19:20:35 +0300 )edit

Yup, eduroam at Aalto works fine now. No patched version of wpaspplicant in use before the update, not that that should matter?

larstiq ( 2014-07-18 19:38:26 +0300 )edit

I read a comment by @tigeli somewhere that a patched wpa_supplicant is no longer necessary. I have yet to try it myself, though.

nthn ( 2014-07-19 00:06:51 +0300 )edit

I still can't get WPA2 Enterprise to work in my company...

Settings: [wifi_5056a8015061_626c697a7a617264_managed_ieee8021x] Type=wifi Name=[SSID] EAP=peap Phase2=MSCHAPV2 AutoConnect=true Favorite=true CACertFile=/etc/ssl/certs/<certfile>.pem Identity=[username] Passphrase=[password] IPv4=dhcp IPv6=auto Frequency=2462 Modified=1970-01-01T00:00:00Z SSID=[SSID in hex] IPv4.method=dhcp IPv6.method=auto IPv6.privacy=disabled</certfile>

Anyone got any ideas to debug? I already tried adding "-dd" to the dbus config for wpa_supplicant, but I'm not really getting much extra debug (probably because CONFIG_DEBUG is not enabled). I'd rather not rebuild wpa_supplicant with debugging enabled if not needed. So any means of getting at least a determination of what's wrong is appreciated.

HIGHGuY ( 2014-07-19 10:25:35 +0300 )edit

still not working for me.

Foxping ( 2015-09-09 12:18:58 +0300 )edit

Question tools

Follow
6 followers

Stats

Asked: 2014-04-14 11:22:55 +0300

Seen: 2,151 times

Last updated: Jul 18 '14