network manager (WPA-EAP TLS) fails - can't use CA certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: network-manager
I'm opening this bug at the request of Alexander Sack (see bug # 272185). I originally reported this issue under bug 272185, but it seems like my issue may be a different bug.
My wireless card is an Intel 3945 (iwl3945 module), but I have the same isue if I use a ZD1211 USB wireless card, so I don't believe this is a driver/kernel bug. Because wpa_supplicant from the command line works OK (see below), I think this is a network-manager issue. I am running 8.10 (Intrepid) with all updates applied.
If I include my CA cert in the network-manger applet configuration, I cannot connect to my university's wireless network (WPA-EAP TLS). If I remove the CA cert from the applet configuration, then I am able to connect.
From wpa_supplicant.log, when I try to connect using the CA cert:
CTRL-EVENT-
Associated with 00:18:74:c7:da:31
CTRL-EVENT-
CTRL-EVENT-
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: tls_connection_
CTRL-EVENT-
CTRL-EVENT-
CTRL-EVENT-
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: tls_connection_
CTRL-EVENT-
CTRL-EVENT-
CTRL-EVENT-
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: tls_connection_
CTRL-EVENT-
From wpa_supplicant.log after I remove the CA cert:
CTRL-EVENT-
Trying to associate with 00:18:74:c7:da:31 (SSID='MU WiFi' freq=2462 MHz)
Authentication with 00:18:74:c7:da:31 timed out.
CTRL-EVENT-
Trying to associate with 00:18:74:f8:1e:b1 (SSID='MU WiFi' freq=2462 MHz)
Associated with 00:18:74:f8:1e:b1
CTRL-EVENT-
CTRL-EVENT-
OpenSSL: tls_connection_
CTRL-EVENT-
WPA: Key negotiation completed with 00:18:74:f8:1e:b1 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-
If I use wpa_supplicant from the command line, then I am able to connect even when using my CA cert. My wpa_supplicant.
# WPA-EAP/CCMP using EAP-TLS
ctrl_interface=
ap_scan=1
network={
ssid="MU WiFi"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=TKIP CCMP
group=TKIP CCMP
eap=TLS
identity=
ca_cert=
client_
private_
private_
}
When I try to connect using network-manager and my CA cert, syslog shows these errors (similar to bug # 272185):
Nov 3 13:40:12 skink NetworkManager: <info> wlan0: link timed out.
Nov 3 13:40:32 skink kernel: [151455.413757] wlan0: disassociating by local choice (reason=3)
Nov 3 13:40:32 skink NetworkManager: <info> Activation (wlan0/wireless): association took too long.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Could you please add the /var/log/syslog to your bug report as an attachment? Also you can submit more information for it by looking to https:/ /wiki.ubuntu. com/DebuggingNe tworkManager , Thanks in advance.