OpenSSL problem with xsupplicant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am attempting to use xsupplicant to connect my fedora 4 laptop to a Open /
static wep / eap-tls enabled cisco wireless network with Cisco ACS radius
server and a Microsoft CA, everything works fine if I just use wep and avoid EAP-TLS.

I have installed the latest madwifi rpms and xsupplicant-1.0.1-1 from
ATrpms.  I can connect to the network with just static wep (no eap-tls).

My xsupplicant configuration files seems to be correct, however my authentication requests fail during an openssl handshack to my radius server with the following error:

[AUTH TYPE]      --- SSL_verify : depth 1
[AUTH TYPE]      --- SSL_verify error : num=19:self signed certificate in
certificate chain:depth=1:/DC=org/DC=vmmc/DC=vmad/CN=vmad1
[AUTH TYPE]      --- SSL : SSLv3 read server certificate B
[AUTH TYPE]      --- ALERT : unknown CA
[AUTH TYPE]      --- SSL : SSLv3 read server certificate B
OpenSSL Error -- error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failure!

This seems to be a common error for many programs that use openssl. I attempted to solve this by adding our Microsoft cert to /etc/pki/tls/certs as a hash. This change did allow openssl verify to confirm the certificate without error but did not appear to have any affect on xsupplicant.

I would think the above change would behave similarly to adding our
Microsoft CA to our Windows XP clients "Trusted root certificate
authorities" list, but it does not appear so.

Any suggestions would be most welcome.

Cheers,
Shane


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux