Public bug reported:

Binary package hint: network-manager

I'm opening this bug at the request of Alexander Sack (see bug #
272185).  I originally reported this issue under bug 272185, but it
seems like my issue may be a different bug.

My wireless card is an Intel 3945 (iwl3945 module), but I have the same
issue if I use a ZD1211 USB wireless card, so I don't believe this is a
driver/kernel bug.  Because wpa_supplicant from the command line works
OK (see below), I think this is a network-manager issue.  I am running
8.10 (Intrepid) with all updates applied.

If I include my CA cert in the network-manager applet configuration, I
cannot connect to my university's wireless network (WPA-EAP TLS).  If I
remove the CA cert from the applet configuration, then I am able to
connect.

From wpa_supplicant.log, when I try to connect using the CA cert:

CTRL-EVENT-SCAN-RESULTS
Associated with 00:18:74:c7:da:31
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/DC=marshall/CN=Marshall University Root CA'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/DC=marshall/CN=Marshall University Root CA'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/DC=marshall/CN=Marshall University Root CA'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

From wpa_supplicant.log after I remove the CA cert:

CTRL-EVENT-SCAN-RESULTS 
Trying to associate with 00:18:74:c7:da:31 (SSID='MU WiFi' freq=2462 MHz)
Authentication with 00:18:74:c7:da:31 timed out.
CTRL-EVENT-SCAN-RESULTS 
Trying to associate with 00:18:74:f8:1e:b1 (SSID='MU WiFi' freq=2462 MHz)
Associated with 00:18:74:f8:1e:b1
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:18:74:f8:1e:b1 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:18:74:f8:1e:b1 completed (auth) [id=0 id_str=]

If I use wpa_supplicant from the command line, then I am able to connect
even when using my CA cert.  My wpa_supplicant.conf:

# WPA-EAP/CCMP using EAP-TLS

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1

network={
        ssid="MU WiFi"
        scan_ssid=1
        key_mgmt=WPA-EAP
        pairwise=TKIP CCMP
        group=TKIP CCMP
        eap=TLS
        identity="xxxxxxxx"
        ca_cert="/etc/certs/MU_CA_cert.pem"
        client_cert="/etc/certs/MU_user_cert.pem"
        private_key="/etc/certs/MU_user_key.pem"
        private_key_passwd="xxxxxxxxxx"
}

When I try to connect using network-manager and my CA cert, syslog shows these 
errors (similar to bug # 272185): 
 
Nov  3 13:40:12 skink NetworkManager: <info>  wlan0: link timed out.
Nov  3 13:40:32 skink kernel: [151455.413757] wlan0: disassociating by local choice (reason=3)
Nov  3 13:40:32 skink NetworkManager: <info>  Activation (wlan0/wireless): association took too long.

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

-- 
network manager (WPA-EAP TLS) fails - can't use CA certificate
https://bugs.launchpad.net/bugs/293238
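
Added example, not part of the original report or of NetworkManager/wpa_supplicant: a small parser that splits a wpa_supplicant.log in the format quoted above into EAP attempts and records whether each one hit a server certificate verification failure. The sample log is constructed (placeholder certificate subject), and the function names and the list of line prefixes are assumptions made for this example.

```python
import re

# Constructed sample in the format of the log quoted in the report,
# including the mail-wrapped continuation lines.
SAMPLE_LOG = """\
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in
certificate chain) depth 2 for '/DC=edu/DC=example/CN=Example Root
CA'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
"""

# Assumption: prefixes that begin a new log record in the excerpts above.
START = re.compile(r"^(CTRL-EVENT-|TLS: |SSL: |OpenSSL: |WPA: |Trying to |"
                   r"Associated with |Authentication with )")
VERIFY_FAIL = re.compile(r"TLS: Certificate verification failed, error (\d+) "
                         r"\((.*?)\) depth (\d+) for '(.*)'")

def unwrap(text):
    """Rejoin continuation lines left behind by mail or terminal wrapping."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if out and not START.match(line):
            out[-1] += " " + line   # continuation of the previous record
        else:
            out.append(line)
    return out

def eap_attempts(text):
    """Return one dict per EAP exchange: its result and any verify error."""
    attempts, cur = [], None
    for line in unwrap(text):
        if line.startswith("CTRL-EVENT-EAP-STARTED"):
            cur = {"result": "incomplete", "verify_error": None}
            attempts.append(cur)
        elif cur is None:
            continue                # records before the first EAP exchange
        elif (m := VERIFY_FAIL.search(line)):
            cur["verify_error"] = {"code": int(m[1]), "reason": m[2],
                                   "depth": int(m[3]), "subject": m[4]}
        elif line.startswith("CTRL-EVENT-EAP-FAILURE"):
            cur["result"] = "failure"
        elif line.startswith("CTRL-EVENT-EAP-SUCCESS"):
            cur["result"] = "success"
    return attempts
```
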