Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#982548: wpasupplicant: Missing support for WPA-EAP-SUITE-B(-192)
266 views
Skip to first unread message
Jan Fuchs
Feb 11, 2021, 11:10:03 AM2/11/21
to
Package: wpasupplicant
Version: 2:2.4-1
Severity: normal
Tags: patch
It was observed that Debian's wpa_supplicant is not able to connect to connect to networks with key_mgmt WPA-EAP-SUITE-B and/or WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream wpa_supplicant supports this since 2.4. Following is seen when trying to load a config with this kind of configuration:
1613046731.169674: Line: 3 - start of a new network block
1613046731.169679: ssid - hexdump_ascii(len=11):
41 50 38 34 30 2d 57 50 41 32 33 AP840-WPA23
1613046731.169692: proto: 0x2
1613046731.169696: Line 9: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
1613046731.169699: Line 9: no key_mgmt values configured.
1613046731.169701: key_mgmt: 0x0
1613046731.169704: Line 9: failed to parse key_mgmt 'WPA-EAP-SUITE-B-
192'.
1613046731.169708: ieee80211w=2 (0x2)
The used config was:
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=root
network={
ssid="AP840-WPA23"
scan_ssid=1
proto=RSN
key_mgmt=WPA-EAP-SUITE-B-192
ieee80211w=1
pairwise=GCMP-256
group=GCMP-256
group_mgmt=BIP-GMAC-256
eap=TLS
identity="anonymous"
ca_cert="/home/user/rsa3072-ca.crt"
client_cert="/home/user/rsa3072-user.crt"
private_key="/home/user/rsa3072-user.key"
private_key_passwd="wifi"
}
The problem can be solved by adding following two lines to the files in
debian/config/wpasupplicant/
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
This is also breaking the support for these kind of networks in
network-manager.
--
Jan Fuchs
development engineer
Simon Wunderlich Systementwicklung & Beratung
Herrenstr. 6, 08523 Plauen, VAT-ID: DE 279397655
Version: 2:2.4-1
Severity: normal
Tags: patch
It was observed that Debian's wpa_supplicant is not able to connect to connect to networks with key_mgmt WPA-EAP-SUITE-B and/or WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream wpa_supplicant supports this since 2.4. Following is seen when trying to load a config with this kind of configuration:
1613046731.169674: Line: 3 - start of a new network block
1613046731.169679: ssid - hexdump_ascii(len=11):
41 50 38 34 30 2d 57 50 41 32 33 AP840-WPA23
1613046731.169692: proto: 0x2
1613046731.169696: Line 9: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
1613046731.169699: Line 9: no key_mgmt values configured.
1613046731.169701: key_mgmt: 0x0
1613046731.169704: Line 9: failed to parse key_mgmt 'WPA-EAP-SUITE-B-
192'.
1613046731.169708: ieee80211w=2 (0x2)
The used config was:
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=root
network={
ssid="AP840-WPA23"
scan_ssid=1
proto=RSN
key_mgmt=WPA-EAP-SUITE-B-192
ieee80211w=1
pairwise=GCMP-256
group=GCMP-256
group_mgmt=BIP-GMAC-256
eap=TLS
identity="anonymous"
ca_cert="/home/user/rsa3072-ca.crt"
client_cert="/home/user/rsa3072-user.crt"
private_key="/home/user/rsa3072-user.key"
private_key_passwd="wifi"
}
The problem can be solved by adding following two lines to the files in
debian/config/wpasupplicant/
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
This is also breaking the support for these kind of networks in
network-manager.
--
Jan Fuchs
development engineer
Simon Wunderlich Systementwicklung & Beratung
Herrenstr. 6, 08523 Plauen, VAT-ID: DE 279397655
Andrej Shadura
Feb 12, 2021, 3:20:03 AM2/12/21
to
Control: tag -1 wontfix
Control: fixed -1 2:2.6-4
Hi,
On Thu, 11 Feb 2021, at 16:50, Jan Fuchs wrote:
> Package: wpasupplicant
> Version: 2:2.4-1
> Severity: normal
> Tags: patch
>
> It was observed that Debian's wpa_supplicant is not able to connect to
> connect to networks with key_mgmt WPA-EAP-SUITE-B and/or
> WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream
> wpa_supplicant supports this since 2.4. Following is seen when trying
> to load a config with this kind of configuration:
I’m afraid 2:2.4-1 is part of Debian Stretch, which is no longer supported. You can, however, install a newer version from stretch-backports, but I’d rather recommend you to upgrade to Buster; please be aware that Bullseye is likely going to be released later this year.
Alternatively, the Debian LTS project might consider enabling this even though it’s not technically in their scope, as this is not a security issue (cc'ed the LTS mailing list), but I’m personally not interested in supporting such an old version.
--
Cheers,
Andrej
Control: fixed -1 2:2.6-4
Hi,
On Thu, 11 Feb 2021, at 16:50, Jan Fuchs wrote:
> Package: wpasupplicant
> Version: 2:2.4-1
> Severity: normal
> Tags: patch
>
> It was observed that Debian's wpa_supplicant is not able to connect to
> connect to networks with key_mgmt WPA-EAP-SUITE-B and/or
> WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream
> wpa_supplicant supports this since 2.4. Following is seen when trying
> to load a config with this kind of configuration:
Alternatively, the Debian LTS project might consider enabling this even though it’s not technically in their scope, as this is not a security issue (cc'ed the LTS mailing list), but I’m personally not interested in supporting such an old version.
Cheers,
Andrej
Utkarsh Gupta
Feb 12, 2021, 4:00:04 AM2/12/21
to
Hi Thorsten,
On Fri, Feb 12, 2021 at 2:03 PM Andrej Shadura <and...@shadura.me> wrote:
> > It was observed that Debian's wpa_supplicant is not able to connect to
> > connect to networks with key_mgmt WPA-EAP-SUITE-B and/or
> > WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream
> > wpa_supplicant supports this since 2.4. Following is seen when trying
> > to load a config with this kind of configuration:
>
> I’m afraid 2:2.4-1 is part of Debian Stretch, which is no longer supported.
> You can, however, install a newer version from stretch-backports, but I’d
> rather recommend you to upgrade to Buster; please be aware that Bullseye
> is likely going to be released later this year.
>
> Alternatively, the Debian LTS project might consider enabling this even
> though it’s not technically in their scope, as this is not a security issue
> (cc'ed the LTS mailing list), but I’m personally not interested in supporting
> such an old version.
Whilst working on the security update for stretch, do you think you
can accommodate this request for a bug fix as well?
- u
On Fri, Feb 12, 2021 at 2:03 PM Andrej Shadura <and...@shadura.me> wrote:
> > It was observed that Debian's wpa_supplicant is not able to connect to
> > connect to networks with key_mgmt WPA-EAP-SUITE-B and/or
> > WPA-EAP-SUITE-B-192 (aka WPA3-Enterprise 192-bit mode). The upstream
> > wpa_supplicant supports this since 2.4. Following is seen when trying
> > to load a config with this kind of configuration:
>
> I’m afraid 2:2.4-1 is part of Debian Stretch, which is no longer supported.
> You can, however, install a newer version from stretch-backports, but I’d
> rather recommend you to upgrade to Buster; please be aware that Bullseye
> is likely going to be released later this year.
>
> Alternatively, the Debian LTS project might consider enabling this even
> though it’s not technically in their scope, as this is not a security issue
> (cc'ed the LTS mailing list), but I’m personally not interested in supporting
> such an old version.
can accommodate this request for a bug fix as well?
- u
Sven Eckelmann
Feb 12, 2021, 4:10:03 AM2/12/21
to
Control: tags -1 - wontfix
Control: reopen -1
On Fri, 12 Feb 2021 09:14:56 +0100 "Andrej Shadura" <and...@shadura.me> wrote:
> Control: tag -1 wontfix
> Control: fixed -1 2:2.6-4
[...]
The version specified the first version where the problem was found. The
problem was not fixed since then. Just tested it here with wpasupplicant
2:2.9.0-16.
Line 6: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
Line 6: no key_mgmt values configured.
Line 6: failed to parse key_mgmt 'WPA-EAP-SUITE-B-192'.
Line 17: failed to parse network block.
So I've just reopened the bug. And all affected versions are shown in this
nice graph in the bug ticket. So as you you can see, the provided info
even helps you to figure out what is affected - even when you will most likely
fix only the problem for unstable.
Kind regards,
Sven
Control: reopen -1
On Fri, 12 Feb 2021 09:14:56 +0100 "Andrej Shadura" <and...@shadura.me> wrote:
> Control: tag -1 wontfix
> Control: fixed -1 2:2.6-4
The version specified the first version where the problem was found. The
problem was not fixed since then. Just tested it here with wpasupplicant
2:2.9.0-16.
Line 6: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
Line 6: no key_mgmt values configured.
Line 6: failed to parse key_mgmt 'WPA-EAP-SUITE-B-192'.
Line 17: failed to parse network block.
So I've just reopened the bug. And all affected versions are shown in this
nice graph in the bug ticket. So as you you can see, the provided info
even helps you to figure out what is affected - even when you will most likely
fix only the problem for unstable.
Kind regards,
Sven
Sven Eckelmann
Feb 12, 2021, 4:20:03 AM2/12/21
to
On Friday, 12 February 2021 09:48:12 CET Utkarsh Gupta wrote:
> Hi Thorsten,
[...]
(2:2.9.0+git20200517+dd2daf0-1). So I not sure that LTS should do it before
the wpasupplicant maintainers fixed it in the first place.
Kind regards,
Sven
> Hi Thorsten,
[...]
> Whilst working on the security update for stretch, do you think you
> can accommodate this request for a bug fix as well?
Unfortunately, it is not even fixed in unstable (2:2.9.0-17) nor experimental
> can accommodate this request for a bug fix as well?
(2:2.9.0+git20200517+dd2daf0-1). So I not sure that LTS should do it before
the wpasupplicant maintainers fixed it in the first place.
Kind regards,
Sven
Andrej Shadura
Feb 12, 2021, 4:30:03 AM2/12/21
to
Hi,
On Fri, 12 Feb 2021, at 09:58, Sven Eckelmann wrote:
> Control: tags -1 - wontfix
> Control: reopen -1
>
> On Fri, 12 Feb 2021 09:14:56 +0100 "Andrej Shadura" <and...@shadura.me> wrote:
> > Control: tag -1 wontfix
> > Control: fixed -1 2:2.6-4
> [...]
>
> The version specified the first version where the problem was found. The
> problem was not fixed since then. Just tested it here with wpasupplicant
> 2:2.9.0-16.
As I was not aware of this, what I did at that moment was right. My understanding is that this option has been enabled by default since 2.5 upstream. I’m not sure why it fails for you.
> Line 6: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
> Line 6: no key_mgmt values configured.
> Line 6: failed to parse key_mgmt 'WPA-EAP-SUITE-B-192'.
> Line 17: failed to parse network block.
>
> So I've just reopened the bug. And all affected versions are shown in this
> nice graph in the bug ticket. So as you you can see, the provided info
> even helps you to figure out what is affected - even when you will most likely
> fix only the problem for unstable.
--
Cheers,
Andrej
On Fri, 12 Feb 2021, at 09:58, Sven Eckelmann wrote:
> Control: tags -1 - wontfix
> Control: reopen -1
>
> On Fri, 12 Feb 2021 09:14:56 +0100 "Andrej Shadura" <and...@shadura.me> wrote:
> > Control: tag -1 wontfix
> > Control: fixed -1 2:2.6-4
> [...]
>
> The version specified the first version where the problem was found. The
> problem was not fixed since then. Just tested it here with wpasupplicant
> 2:2.9.0-16.
> Line 6: invalid key_mgmt 'WPA-EAP-SUITE-B-192'
> Line 6: no key_mgmt values configured.
> Line 6: failed to parse key_mgmt 'WPA-EAP-SUITE-B-192'.
> Line 17: failed to parse network block.
>
> So I've just reopened the bug. And all affected versions are shown in this
> nice graph in the bug ticket. So as you you can see, the provided info
> even helps you to figure out what is affected - even when you will most likely
> fix only the problem for unstable.
Cheers,
Andrej
0 new messages