bug WPA2 Enterprise wpa_supplicant fails when server-cert is also client-cert (Radius-RadSec, eduroam) [released]

asked 2014-04-14 11:22:55 +0200

chemist

updated 2014-07-23 12:21:42 +0200

The current version of wpa_supplicant fails when the server certificate is also a client certificate, as a patch to prevent client certificates from being used did not check whether it is actually a server certificate too.


Fixed in upstream.

Thanks go to @Digital Brains for providing an undone version: https://together.jolla.com/question/315/wpa2-pskaesothers-wifi-support-needed-workaround/?answer=38843#post-id-38843

UPDATE: For those who installed the patched version - after you need to reinstall the patched version as the release version gets pulled in again.

This applies to most/all eduroam servers (WPA2 Enterprise) as Radius cannot do RadSec without having both (client and server cert) http://en.wikipedia.org/wiki/RadSec

The question has been closed for the following reason "released in a software update"
close date 2014-07-23 12:22:19.996388
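
The check described in the report above, sketched as an added example (not the Jolla patch, the upstream fix, or code from this thread). The flag and function names are hypothetical, and the certificate's extendedKeyUsage extension is modelled as a bitmask rather than parsed from a real certificate:

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical bitmask modelling a leaf certificate's extendedKeyUsage (EKU). */
#define EKU_PRESENT     0x1u /* the certificate carries an EKU extension */
#define EKU_SERVER_AUTH 0x2u /* id-kp-serverAuth */
#define EKU_CLIENT_AUTH 0x4u /* id-kp-clientAuth */
#define EKU_ANY         0x8u /* anyExtendedKeyUsage */

/* Behaviour described in the report: a certificate listing clientAuth is
 * refused as a server certificate even when it also lists serverAuth. */
static bool accept_server_cert_buggy(unsigned eku)
{
    return !(eku & EKU_CLIENT_AUTH);
}

/* Corrected check: refuse only when an EKU extension is present and grants
 * neither serverAuth nor anyExtendedKeyUsage. An absent EKU extension places
 * no restriction on the key's purpose (RFC 5280). */
static bool accept_server_cert_fixed(unsigned eku)
{
    if (!(eku & EKU_PRESENT))
        return true;
    return (eku & (EKU_SERVER_AUTH | EKU_ANY)) != 0;
}

int main(void)
{
    /* Constructed sample certificates, not taken from any real deployment. */
    static const struct { const char *name; unsigned eku; } certs[] = {
        { "no EKU extension",        0 },
        { "serverAuth only",         EKU_PRESENT | EKU_SERVER_AUTH },
        { "serverAuth + clientAuth", EKU_PRESENT | EKU_SERVER_AUTH | EKU_CLIENT_AUTH },
        { "clientAuth only",         EKU_PRESENT | EKU_CLIENT_AUTH },
    };
    for (size_t i = 0; i < sizeof(certs) / sizeof(certs[0]); i++)
        printf("%-26s buggy=%-6s fixed=%s\n", certs[i].name,
               accept_server_cert_buggy(certs[i].eku) ? "accept" : "reject",
               accept_server_cert_fixed(certs[i].eku) ? "accept" : "reject");
    return 0;
}
```

The "serverAuth + clientAuth" row is the RadSec/eduroam case from the report: the two checks disagree only there.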


Out of pure curiosity, was this bug filed at jolla yet?

ozzi ( 2014-04-15 15:20:44 +0200 )

@ozzi this here is "bug filed at jolla" - there is no other way than to open a question in together.jolla.com and mark it as bug (there is no public bugtracker or anything)

chemist ( 2014-04-15 15:48:06 +0200 )

Hoping for Jolla to fix this soon, because it really breaks an important functionality (even if it might not be their fault). I agree with others, that unless you really need it, it will be better to wait for an official patch or Sailfish update.

@Jolla: is there any way you could roll out small urgent, optional or mandatory patches independently of your main update releases?

melg01 ( 2014-04-16 15:46:48 +0200 )

Thx for UPDATE2. I don't understand that the new version is still buggy; it's an easy fix, that shouldn't have happened!

dafeujolla ( 2014-06-10 18:07:24 +0200 )

I will try the current release as soon as I have a new device - I will close this if it is working with our network (some people seem to misunderstand that they did not need this patch if the server-cert is not a client-cert too)

chemist ( 2014-07-21 00:15:32 +0200 )

1 Answer


answered 2014-07-18 18:21:47 +0200

javispedro

updated 2014-07-18 18:22:09 +0200

Ever since this seems to have been fixed (or at least it works for me; it didn't work in 1.0.7). Is that the case for everyone?


Not for me. Before the update it worked with patched wpa_supplicant. :(

NuklearFart ( 2014-07-18 19:20:35 +0200 )

Yup, eduroam at Aalto works fine now. No patched version of wpa_supplicant in use before the update, not that that should matter?

larstiq ( 2014-07-18 19:38:26 +0200 )

I read a comment by @tigeli somewhere that a patched wpa_supplicant is no longer necessary. I have yet to try it myself, though.

nthn ( 2014-07-19 00:06:51 +0200 )

I still can't get WPA2 Enterprise to work in my company...

Settings:

    [wifi_5056a8015061_626c697a7a617264_managed_ieee8021x]
    Type=wifi
    Name=[SSID]
    EAP=peap
    Phase2=MSCHAPV2
    AutoConnect=true
    Favorite=true
    CACertFile=/etc/ssl/certs/<certfile>.pem
    Identity=[username]
    Passphrase=[password]
    IPv4=dhcp
    IPv6=auto
    Frequency=2462
    Modified=1970-01-01T00:00:00Z
    SSID=[SSID in hex]
    IPv4.method=dhcp
    IPv6.method=auto
    IPv6.privacy=disabled

Anyone got any ideas to debug? I already tried adding "-dd" to the dbus config for wpa_supplicant, but I'm not really getting much extra debug (probably because CONFIG_DEBUG is not enabled). I'd rather not rebuild wpa_supplicant with debugging enabled if not needed. So any means of getting at least a determination of what's wrong is appreciated.

HIGHGuY ( 2014-07-19 10:25:35 +0200 )

still not working for me.

Foxping ( 2015-09-09 12:18:58 +0200 )

