Bad error message for mismatched keys

Bug #597050 reported by Darxus on 2010-06-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
wpasupplicant (Ubuntu)

Bug Description

Binary package hint: wpasupplicant

wpa supplicant wasn't working. Logs showed this:

OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

You would think that my problem was something about a wrong tag on my client cert. Nope. Still don't know what a "tag" is.

OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) failed error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag

So maybe it's a "bad tag" on my private key? Nope. Turns out my keys are PEM keys, which is different from DER keys, and it just decided to try DER first and the fact that it failed was harmless.

Third error:

OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM) failed error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

What's a freaking key value mismatch?

That blew a few hours.

It meant I had the path to my private key pointing to the wrong (old) file, so it didn't match the new client certificate? Updating the path to the private key file fixed it.

Suggested changes:

1) Change errors on failing to load PEM keys as DER keys to indicate that it's not actually a fatal error.

2) Replacing "key value mismatch" with something like "private key <path/to/file> does not match client certificate <path/to/file>" would be nice. Preferably with some description of the way in which they do not match.

Oh yeah, it would also be nice if wpa supplicant logged at all by default.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: wpasupplicant 0.6.9-3ubuntu3 [modified: usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service]
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Mon Jun 21 18:05:44 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
 PATH=(custom, user)
SourcePackage: wpasupplicant

Darxus (darxus) wrote :

Triaged: there's a patch available from upstream. This needs to be checked whether it affects Maverick and Natty as well.

Changed in wpasupplicant (Ubuntu):
status: New → Triaged
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers