Ask / Submit

bug WPA2 Enterprise wpa_supplicant fails when server-cert is also client-cert (Radius-RadSec, eduroam) [released]

asked 2014-04-14 11:22:55 +0300

chemist gravatar image

updated 2014-07-23 12:21:42 +0300

Current version of wpa_supplicant fails when server certificate is also client certificate as a patch to prevent client certificates to be used did not check if it is actually a server certificate too.

Fixed in upstream.

Thanks go @Digital Brains for providing an undone version

UPDATE: For those whom installed the patched version - after you need to reinstall the patched version as the release version gets pulled in again.

UPDATE2: For those whom installed the patched version - after you need to reinstall the patched version as the release version gets pulled in again.

This applies to most/all eduroam servers (WPA2 Enterprise) as Radius cannot do RadSec without having both (client and server cert)

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by chemist
close date 2014-07-23 12:22:19.996388


Out of pure curiosity, was this bug filed at jolla yet?

ozzi ( 2014-04-15 15:20:44 +0300 )edit

@ozzi this here is "bug filed at jolla" - there is no other way than open a question in and mark it as bug (there is no public bugtracker or anything)

chemist ( 2014-04-15 15:48:06 +0300 )edit

Hoping for Jolla to fix this soon, because it really breaks an important functionality (even if it might not be their fault). I agree with others, that unless you really need it, it will be better to wait for an official patch or Sailfish update.

@Jolla: is there any way you could rollout small urgent, optional or mandatory patches independently of your main update releases?

melg01 ( 2014-04-16 15:46:48 +0300 )edit

Thx for UPDATE2 I don't understand, that the new version is still buggy, it's an easy fix, that shouldn't have happend!

dafeujolla ( 2014-06-10 18:07:24 +0300 )edit

I will try the current release as soon as I have a new device - I will close this if it is working with our network (some people seem to misunderstand that they did not need this patch if the server-cert is not a client-cert too)

chemist ( 2014-07-21 00:15:32 +0300 )edit

1 Answer

Sort by » oldest newest most voted

answered 2014-07-18 18:21:47 +0300

javispedro gravatar image

updated 2014-07-18 18:22:09 +0300

Ever since this seems have been fixed (or at least it works for me; it didn't work in 1.0.7). Is that the case for everyone?

edit flag offensive delete publish link more


not for me. before the up it worked with patched wpasupplicant. :(

NuklearFart ( 2014-07-18 19:20:35 +0300 )edit

Yup, eduroam at Aalto works fine now. No patched version of wpaspplicant in use before the update, not that that should matter?

larstiq ( 2014-07-18 19:38:26 +0300 )edit

I read a comment by @tigeli somewhere that a patched wpa_supplicant is no longer necessary. I have yet to try it myself, though.

nthn ( 2014-07-19 00:06:51 +0300 )edit

I still can't get WPA2 Enterprise to work in my company...

Settings: [wifi_5056a8015061_626c697a7a617264_managed_ieee8021x] Type=wifi Name=[SSID] EAP=peap Phase2=MSCHAPV2 AutoConnect=true Favorite=true CACertFile=/etc/ssl/certs/<certfile>.pem Identity=[username] Passphrase=[password] IPv4=dhcp IPv6=auto Frequency=2462 Modified=1970-01-01T00:00:00Z SSID=[SSID in hex] IPv4.method=dhcp IPv6.method=auto IPv6.privacy=disabled</certfile>

Anyone got any ideas to debug? I already tried adding "-dd" to the dbus config for wpa_supplicant, but I'm not really getting much extra debug (probably because CONFIG_DEBUG is not enabled). I'd rather not rebuild wpa_supplicant with debugging enabled if not needed. So any means of getting at least a determination of what's wrong is appreciated.

HIGHGuY ( 2014-07-19 10:25:35 +0300 )edit

still not working for me.

Foxping ( 2015-09-09 12:18:58 +0300 )edit

Question tools



Asked: 2014-04-14 11:22:55 +0300

Seen: 2,200 times

Last updated: Jul 18 '14