Re: openssl error while retreaving key from smartcard from wpa_supplicant?

Tue, 26 Jun 2007 03:39:58 -0700 

En/na Marek Marcola ha escrit:
> Hello,
>   
>> I'm currently trying to authenticate using EAP-TLS using smartcard with
>> wpa_supplicant and I get this error:
>>
>> OpenSSL: tls_connection_engine_private_key - Private key failed
>> verification error:140A30B1:SSL routines:SSL_check_private_key:no
>> certificate assigned
>>
>> I got some messages "Error: can't open /var/run/openct/status: No such
>> file or directory" but I get these messages always when I use my
>> smartcard reader (and it works).
>>
>>     
> Looks like you have not configured X509 private key certificate.
>
>   
>> plain text document attachment (wpa_supplicant.conf)
>> ctrl_interface=/var/run/wpa_supplicant
>> ctrl_interface_group=0
>> eapol_version=1
>> fast_reauth=1
>> pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
>> pkcs11_module_path=/usr/lib/opensc-pkcs11.so
>>
>> network={
>>         ssid="*****"
>>         key_mgmt=WPA-EAP
>>         eap=TLS
>>         proto=WPA
>>         pairwise=TKIP
>>         group=TKIP
>>         identity="[EMAIL PROTECTED]"
>>         ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
>>         #client_cert="/etc/cert/user.pem"
>>     
> I'm not sure but this maybe the place to configure certificate.
> You should have your private key certificate. This certificate may be
> located in plain file. To check that your certificate certifies proper
> private key you may do something like that (test example):
>   
That's the point : I have the private key certificate stored in the
smartcard, not located in a plain file. That's why I commented the line
above.

> $ openssl rsa -engine chil -in rsa-test2 -inform engine -modulus -noout
> engine "chil" set.
> Modulus=D14731D19EF32A3D458EE61B219A0E019...
> $ openssl x509 -in rsa-test2-crt.pem -modulus -noout
> Modulus=D14731D19EF32A3D458EE61B219A0E019
>
> and you should get the same numbers.
>
>   
I've tried in all ways to try this with the pkcs11 module to use my
smartcard to do the test but I didn't reach. Maybe the structure is
different when not operating with files.
> Best regards,
>   
Thank you for your effort!

-- 

......................................................................
         __
        / /          Carles Fernàndez
  C E / S / C A      Dept. de Comunicacions
      /_/            Centre de Supercomputació de Catalunya

  Gran Capità, 2-4 (Edifici Nexus) · 08034 Barcelona
  T. 93 205 6464 · F.  93 205 6979 · [EMAIL PROTECTED]
...................................................................... 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to