
Bug#1011121: wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA)


Krzysztof Krzyżaniak

May 17, 2022, 5:10:04 AM
Package: wpasupplicant
Version: 2:2.10-9+b1
Severity: important

Dear Maintainer,

* What led up to the situation?

Upgrade to 2:2.10-9+b1 which is linked to libssl3

* What exactly did you do (or not do) that was effective (or
ineffective)?

Downgrading to 2:2.10-9 resolves the problem.


Session with 2:2.10-9+b1

May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=f0:3e:90:6f:54:dc reason=23
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: BSSID f0:3e:90:6f:54:dc ignore list count incremented to 2, ignoring for 10 seconds
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=2 duration=25 reason=CONN_FAILED
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=f0:3e:90:6f:54:dc reason=23
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: BSSID f0:3e:90:6f:54:dc ignore list count incremented to 2, ignoring for 10 seconds
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=2 duration=22 reason=CONN_FAILED


Session with 2:2.10-9

May 17 09:56:00 pozdl0510 wpa_supplicant[9921]: Successfully initialized wpa_supplicant
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=PL
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:25070067:DSO support routines:DSO_load:could not load the shared library
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:0E07506E:configuration file routines:module_load_dso:error loading dso
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:0E076071:configuration file routines:module_run:unknown module name
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:56:05 pozdl0510 wpa_supplicant[9921]: EAP-MSCHAPV2: Authentication succeeded
May 17 09:56:05 pozdl0510 wpa_supplicant[9921]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: PMKSA-CACHE-ADDED f0:3e:90:6f:54:dc 0
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: WPA: Key negotiation completed with f0:3e:90:6f:54:dc [PTK=CCMP GTK=CCMP]
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-CONNECTED - Connection to f0:3e:90:6f:54:dc completed [id=0 id_str=]
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-55 noise=9999 txrate=234000

eloy

-- System Information:
Debian Release: bookworm/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wpasupplicant depends on:
ii adduser 3.121
ii libc6 2.33-7
ii libdbus-1-3 1.14.0-1
ii libnl-3-200 3.5.0-0.1
ii libnl-genl-3-200 3.5.0-0.1
ii libnl-route-3-200 3.5.0-0.1
ii libpcsclite1 1.9.7-1
ii libreadline8 8.1.2-1.2
ii libssl1.1 1.1.1o-1
ii lsb-base 11.1.0

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn libengine-pkcs11-openssl <none>
pn wpagui <none>

-- no debconf information

Sebastien Bacher

May 17, 2022, 8:50:04 AM

Hey,

On 17/05/2022 at 11:25, Andrej Shadura wrote:
> Interesting. I thought the patch from Ubuntu should have prevented this from happening. Sebastien, what do you think?

No, the patch which was included in -9 fixes the case where the error was

OpenSSL: openssl_handshake - SSL_connect error:...:SSL routines::unsafe legacy renegotiation disabled

here it is:

OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error

Which seems similar to https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 , relevant description

'check whether your radius server possibly only supports TLS 1.1 or older. Those servers would default to rsa_pkcs1_md5_sha1 as TLS signature algorithm, which does not meet the 80 bits of security requirement of OpenSSL 3's default SECLEVEL of 1.

Try setting SECLEVEL to 0 to see if that fixes the issue for you. Talk to your Radius server administrator to recommend they offer TLS 1.2 or higher.'

You can try to work around it by creating a /etc/wpa_supplicant/openssl.cnf config with DEFAULT@SECLEVEL=0 as described on the launchpad report

It was also discussed on https://bugzilla.redhat.com/show_bug.cgi?id=2069239 and fedora fixed it with this openssl change
https://src.fedoraproject.org/rpms/openssl/c/efdb8c60

Cheers,
Sebastien Bacher
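The two OpenSSL error strings distinguished above ("unsafe legacy renegotiation disabled", handled by the -9 patch, versus "internal error" 0A0C0103, the SECLEVEL/TLS-version case) are easy to confuse when reading a journal. The script below is an added triage example, not code from wpa_supplicant, Debian or this thread: it groups wpa_supplicant CTRL-EVENT lines into EAP attempts and labels each failed attempt with the failure mode the thread discusses. The journal excerpt, hostname, interface, subject and hash values are constructed placeholders; the line format is assumed to be the syslog-style prefix seen in the report.

```python
"""Triage wpa_supplicant journal lines for OpenSSL 3 EAP/TLS handshake failures.

Added example for this bug thread (not wpa_supplicant or Debian code).
"""
import re
from dataclasses import dataclass

# Assumed format: "<Mon DD HH:MM:SS> <host> wpa_supplicant[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ wpa_supplicant\[\d+\]: (?P<msg>.*)$")
SSL_ERR_RE = re.compile(r"SSL_connect error:(?P<code>[0-9A-Fa-f]+):SSL routines::(?P<reason>.+)$")
PEER_CERT_RE = re.compile(r"CTRL-EVENT-EAP-PEER-CERT depth=0 subject='(?P<subject>[^']*)'")
METHOD_RE = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor \d+ method \d+ \((?P<name>[^)]+)\)")

# Failure modes named in the thread, keyed by the OpenSSL reason string.
VERDICTS = {
    "internal error": (
        "tls-version-seclevel",
        "Server likely offers only TLS 1.1 or older (rsa_pkcs1_md5_sha1 signature), "
        "rejected by OpenSSL 3 at SECLEVEL 1. Ask the RADIUS admin to enable TLS 1.2+; "
        "DEFAULT@SECLEVEL=0 is a stopgap that removes the 80-bit security floor.",
    ),
    "unsafe legacy renegotiation disabled": (
        "legacy-renegotiation",
        "Server lacks secure renegotiation; this is the case the 2:2.10-9 patch addresses.",
    ),
}


@dataclass
class Attempt:
    started: str
    method: str = "?"
    peer_subject: str = "?"
    ssl_code: str = ""
    ssl_reason: str = ""
    outcome: str = "incomplete"  # "success", "failure" or "incomplete"


def triage(journal_text):
    """Split journal lines into EAP attempts, attaching any SSL_connect error."""
    attempts, current = [], None
    for raw in journal_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a wpa_supplicant line
        ts, msg = m.group("ts"), m.group("msg")
        if "CTRL-EVENT-EAP-STARTED" in msg:
            current = Attempt(started=ts)
            attempts.append(current)
            continue
        if current is None:
            continue  # event outside an EAP attempt
        if mm := METHOD_RE.search(msg):
            current.method = mm.group("name")
        elif mm := PEER_CERT_RE.search(msg):
            current.peer_subject = mm.group("subject")
        elif mm := SSL_ERR_RE.search(msg):
            current.ssl_code, current.ssl_reason = mm.group("code"), mm.group("reason")
        elif "CTRL-EVENT-EAP-FAILURE" in msg:
            current.outcome, current = "failure", None
        elif "CTRL-EVENT-EAP-SUCCESS" in msg:
            current.outcome, current = "success", None
    return attempts


def verdict(attempt):
    """Return (label, explanation) for one attempt."""
    if attempt.outcome == "success":
        return "ok", "EAP completed."
    if attempt.ssl_reason in VERDICTS:
        return VERDICTS[attempt.ssl_reason]
    if attempt.ssl_reason:
        return "other-tls", f"Unclassified OpenSSL error {attempt.ssl_code}: {attempt.ssl_reason}"
    return "non-tls", "EAP failed without an SSL_connect error; the TLS handshake is not the cause."


def summarize(journal_text):
    """One (timestamp, method, peer subject, label) tuple per EAP attempt."""
    return [(a.started, a.method, a.peer_subject, verdict(a)[0]) for a in triage(journal_text)]


# Constructed sample journal: three attempts showing the two failure modes and a success.
# The numeric code on the renegotiation line is a placeholder, not a real OpenSSL code.
SAMPLE_JOURNAL = """\
May 17 09:53:09 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:53:09 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:53:10 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=radius.example.test' hash=PLACEHOLDER
May 17 09:53:10 host wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
May 17 09:53:10 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 18 08:00:00 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 18 08:00:00 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 18 08:00:00 host wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:00000000:SSL routines::unsafe legacy renegotiation disabled
May 18 08:00:00 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 19 08:00:00 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 19 08:00:00 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 19 08:00:01 host wpa_supplicant[941]: wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
"""

if __name__ == "__main__":
    for a in triage(SAMPLE_JOURNAL):
        label, why = verdict(a)
        print(f"{a.started} {a.method} {a.peer_subject}: {label} - {why}")
```

Feed it real output from `journalctl -u wpa_supplicant` to see which of the two failure modes a given machine is hitting before deciding whether the -9 patch or the SECLEVEL discussion applies.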

Sebastien Bacher

May 31, 2022, 10:40:04 AM
Hey there,

As an FYI I started a discussion upstream to suggest to lower the
security level to 0 for TLS <= 1.1; a patch has been proposed which I
uploaded to Ubuntu kinetic now to get some more user testing on the solution
http://lists.infradead.org/pipermail/hostap/2022-May/040571.html

I will keep the Debian bug updated once the package in ubuntu got some
testing

Eric Valette

Aug 25, 2022, 11:40:03 AM
I tried all the tricks related to openssl.cnf (SECPOLICY 0,
allowunsecure retry, ...) and still get this message.

WPA2 enterprise and 802.1x, certificate on a USB dongle.

Works as long as I keep everything built with ssl1.1.

--eric

Nathan Teodosio

Jan 26, 2023, 11:30:05 AM
Just a heads up that Ubuntu has had the patch (attached for convenience)
for some months already[1].

[1]: https://launchpad.net/bugs/1958267
lower_security_level_for_tls_1.patch

eric2....@orange.com

Jan 31, 2023, 5:40:05 AM
Hi,

Apparently there are lintian errors that prevent the rebuild from
succeeding... I would like to avoid applying patches by myself and rebuilding.

-- eric

