Debian Bug report logs - #1011121
wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA)

version graph

Package: wpasupplicant; Maintainer for wpasupplicant is Debian wpasupplicant Maintainers <wpa@packages.debian.org>; Source for wpasupplicant is src:wpa (PTS, buildd, popcon).

Reported by: Krzysztof Krzyżaniak (eloy) <eloy@debian.org>

Date: Tue, 17 May 2022 09:09:01 UTC

Severity: important

Tags: patch

Found in version wpa/2:2.10-9

Fixed in version wpa/2:2.10-11

Done: Andrej Shadura <andrewsh@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Tue, 17 May 2022 09:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to Krzysztof Krzyżaniak (eloy) <eloy@debian.org>:
New Bug report received and forwarded. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Tue, 17 May 2022 09:09:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Krzysztof Krzyżaniak (eloy) <eloy@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA)
Date: Tue, 17 May 2022 11:02:27 +0200
Package: wpasupplicant
Version: 2:2.10-9+b1
Severity: important

Dear Maintainer,

   * What led up to the situation?
   
Upgrade to 2:2.10-9+b1 which is linked to libssl3

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
     
Downgrading to 2:2.10-9 resolves problem.


Session with 2:2.10-9+b1

May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=f0:3e:90:6f:54:dc reason=23
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: BSSID f0:3e:90:6f:54:dc ignore list count incremented to 2, ignoring for 10 seconds
May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=2 duration=25 reason=CONN_FAILED
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:53:34 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=f0:3e:90:6f:54:dc reason=23
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: BSSID f0:3e:90:6f:54:dc ignore list count incremented to 2, ignoring for 10 seconds
May 17 09:53:35 pozdl0510 wpa_supplicant[941]: wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=2 duration=22 reason=CONN_FAILED


Session with 2:2.10-9

May 17 09:56:00 pozdl0510 wpa_supplicant[9921]: Successfully initialized wpa_supplicant
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=COUNTRY alpha2=PL
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: SME: Trying to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: Trying to associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: Associated with f0:3e:90:6f:54:dc
May 17 09:56:03 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:25070067:DSO support routines:DSO_load:could not load the shared library
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:0E07506E:configuration file routines:module_load_dso:error loading dso
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: tls_connection_set_params: Clearing pending SSL error: error:0E076071:configuration file routines:module_run:unknown module name
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
May 17 09:56:04 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
May 17 09:56:05 pozdl0510 wpa_supplicant[9921]: EAP-MSCHAPV2: Authentication succeeded
May 17 09:56:05 pozdl0510 wpa_supplicant[9921]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: PMKSA-CACHE-ADDED f0:3e:90:6f:54:dc 0
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: WPA: Key negotiation completed with f0:3e:90:6f:54:dc [PTK=CCMP GTK=CCMP]
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-CONNECTED - Connection to f0:3e:90:6f:54:dc completed [id=0 id_str=]
May 17 09:56:06 pozdl0510 wpa_supplicant[9921]: wlp0s20f3: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-55 noise=9999 txrate=234000

  eloy
  
-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.17.0-2-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wpasupplicant depends on:
ii  adduser            3.121
ii  libc6              2.33-7
ii  libdbus-1-3        1.14.0-1
ii  libnl-3-200        3.5.0-0.1
ii  libnl-genl-3-200   3.5.0-0.1
ii  libnl-route-3-200  3.5.0-0.1
ii  libpcsclite1       1.9.7-1
ii  libreadline8       8.1.2-1.2
ii  libssl1.1          1.1.1o-1
ii  lsb-base           11.1.0

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
pn  libengine-pkcs11-openssl  <none>
pn  wpagui                    <none>

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Tue, 17 May 2022 09:30:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Andrej Shadura" <andrew@shadura.me>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Tue, 17 May 2022 09:30:03 GMT) (full text, mbox, link).


Message #10 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: "Andrej Shadura" <andrew@shadura.me>
To: Krzysztof Krzyżaniak <eloy@debian.org>, 1011121@bugs.debian.org
Cc: "Sebastien Bacher" <seb128@ubuntu.com>
Subject: Re: Bug#1011121: wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA)
Date: Tue, 17 May 2022 11:25:59 +0200
Hi,

On Tue, 17 May 2022, at 11:02, Krzysztof Krzyżaniak wrote:
>    * What led up to the situation?
>   
> Upgrade to 2:2.10-9+b1 which is linked to libssl3
>
>    * What exactly did you do (or not do) that was effective (or
>      ineffective)?
>     
> Downgrading to 2:2.10-9 resolves problem.

Interesting. I thought the patch from Ubuntu should have prevented this from happening. Sebastien, what do you think?

> Session with 2:2.10-9+b1
>
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: SME: Trying 
> to authenticate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Trying to 
> associate with f0:3e:90:6f:54:dc (SSID='egn_secure' freq=5500 MHz)
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: Associated 
> with f0:3e:90:6f:54:dc
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-STARTED EAP authentication started
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> May 17 09:53:09 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-PEER-CERT depth=1 
> subject='/DC=com/DC=egnyte-it/CN=egnyte-it-AM2VS26-CA' 
> hash=38d8e01ab059517cbca34030017a6e683618f0b38b85c9d7432bc9618c81e939
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=EG-AD01.egnyte-it.com' 
> hash=c17a8bb4e155b57a710ff8a4970d0c29e0cce1501a843da21ee826b3f499812a
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:EG-AD01.egnyte-it.com
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: SSL: SSL3 alert: write 
> (local SSL3 detected an error):fatal:internal error
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: OpenSSL: 
> openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal 
> error
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-EAP-FAILURE EAP authentication failed
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-DISCONNECTED bssid=f0:3e:90:6f:54:dc reason=23
> May 17 09:53:10 pozdl0510 wpa_supplicant[941]: wlp0s20f3: 
> CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="egn_secure" auth_failures=1 
> duration=10 reason=AUTH_FAILED

<…>

> Versions of packages wpasupplicant depends on:
> ii  adduser            3.121
> ii  libc6              2.33-7
> ii  libdbus-1-3        1.14.0-1
> ii  libnl-3-200        3.5.0-0.1
> ii  libnl-genl-3-200   3.5.0-0.1
> ii  libnl-route-3-200  3.5.0-0.1
> ii  libpcsclite1       1.9.7-1
> ii  libreadline8       8.1.2-1.2
> ii  libssl1.1          1.1.1o-1
> ii  lsb-base           11.1.0
>
> wpasupplicant recommends no packages.
>
> Versions of packages wpasupplicant suggests:
> pn  libengine-pkcs11-openssl  <none>
> pn  wpagui                    <none>
>
> -- no debconf information

-- 
Cheers,
  Andrej



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Tue, 17 May 2022 12:48:03 GMT) (full text, mbox, link).


Acknowledgement sent to Sebastien Bacher <seb128@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Tue, 17 May 2022 12:48:03 GMT) (full text, mbox, link).


Message #15 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: Sebastien Bacher <seb128@ubuntu.com>
To: Andrej Shadura <andrew@shadura.me>, Krzysztof Krzyżaniak <eloy@debian.org>, 1011121@bugs.debian.org
Subject: Re: Bug#1011121: wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA)
Date: Tue, 17 May 2022 14:44:01 +0200
[Message part 1 (text/plain, inline)]
Hey,

Le 17/05/2022 à 11:25, Andrej Shadura a écrit :
> Interesting. I thought the patch from Ubuntu should have prevented this from happening. Sebastien, what do you think?

No, the patch which was included in -9 fixes the case where the error was

OpenSSL: openssl_handshake - SSL_connect error:...:SSL routines::unsafe 
legacy renegotiation disabled

here it is

OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL 
routines::internal error

Which seems similar to 
https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 , relevant 
description

'check whether your radius server possibly only supports TLS 1.1 or 
older. Those servers would default to rsa_pkcs1_md5_sha1 as TLS 
signature algorithm, which does not meet the 80 bits of security 
requirement of OpenSSL 3's default SECLEVEL of 1.

Try setting SECLEVEL to 0 to see if that fixes the issue for you. Talk 
to your Radius server administrator to recommend they offer TLS 1.2 or 
higher.'

You can try to workaround by creating a /etc/wpa_supplicant/openssl.cnf 
config with DEFAULT@SECLEVEL=0 as described on the launchpad report

It was also  discussed on 
https://bugzilla.redhat.com/show_bug.cgi?id=2069239 and fedora fixed it 
with this openssl change
https://src.fedoraproject.org/rpms/openssl/c/efdb8c60

Cheers,
Sebastien Bacher
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Tue, 31 May 2022 14:33:03 GMT) (full text, mbox, link).


Acknowledgement sent to Sebastien Bacher <seb128@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Tue, 31 May 2022 14:33:03 GMT) (full text, mbox, link).


Message #20 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: Sebastien Bacher <seb128@ubuntu.com>
To: 1011121@bugs.debian.org
Subject: Re: Bug#1011121: Info received (Bug#1011121: wpasupplicant linked with libssl3 can't connect to wifi (both MSCHAPv2 and WPA))
Date: Tue, 31 May 2022 16:30:52 +0200
Hey there,

As a FYI I started a discussion upstream to suggest to lower the 
security level to 0 for TLS <= 1.1, a patch has been proposed which I 
uploaded to Ubuntu kinetic now to get some more user testing on the solution
http://lists.infradead.org/pipermail/hostap/2022-May/040571.html

I will keep the Debian bug updated once the package in ubuntu got some 
testing




Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Thu, 25 Aug 2022 15:39:05 GMT) (full text, mbox, link).


Acknowledgement sent to eric.valette@free.fr:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Thu, 25 Aug 2022 15:39:05 GMT) (full text, mbox, link).


Message #25 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: Eric Valette <eric.valette@free.fr>
To: 1011121@bugs.debian.org
Subject: Confirmed on debian unstable with commercial enterprise access point
Date: Thu, 25 Aug 2022 17:35:49 +0200
It tried all the tricks related to openssl.cnt (SECPOLICY 0, 
allowunsecure retry, ...) and still get this message.

WPA2 enterprisese and 801.x, certificate on a USB dongle.

Works as long as I keep everything build with ssl1.1.

--eric



Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Thu, 26 Jan 2023 16:21:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nathan Teodosio <nathan.teodosio@canonical.com>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Thu, 26 Jan 2023 16:21:02 GMT) (full text, mbox, link).


Message #30 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: Nathan Teodosio <nathan.teodosio@canonical.com>
To: 1011121@bugs.debian.org
Subject: Ubuntu has a patch
Date: Thu, 26 Jan 2023 13:17:34 -0300
[Message part 1 (text/plain, inline)]
Just a heads up that Ubuntu has had the patch (attached for convenience) 
for some months already[1].

[1]: https://launchpad.net/bugs/1958267
[lower_security_level_for_tls_1.patch (text/x-patch, attachment)]

Added tag(s) patch. Request was from Jeremy Bicha <jeremy.bicha@canonical.com> to control@bugs.debian.org. (Fri, 27 Jan 2023 20:09:08 GMT) (full text, mbox, link).


Added tag(s) pending. Request was from Andrej Shadura <andrewsh@debian.org> to control@bugs.debian.org. (Fri, 27 Jan 2023 20:15:12 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian wpasupplicant Maintainers <wpa@packages.debian.org>:
Bug#1011121; Package wpasupplicant. (Tue, 31 Jan 2023 10:39:06 GMT) (full text, mbox, link).


Acknowledgement sent to <eric2.valette@orange.com>:
Extra info received and forwarded to list. Copy sent to Debian wpasupplicant Maintainers <wpa@packages.debian.org>. (Tue, 31 Jan 2023 10:39:06 GMT) (full text, mbox, link).


Message #39 received at 1011121@bugs.debian.org (full text, mbox, reply):

From: <eric2.valette@orange.com>
To: <1011121@bugs.debian.org>
Subject: peding rebuild is taking quite long
Date: Tue, 31 Jan 2023 11:27:44 +0100
Hi,

Apparently there are lintian errors that prevent the rebuild to 
suceed... I would like to avoid applying patches by myself and rebuilding.

-- eric


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.




Reply sent to Andrej Shadura <andrewsh@debian.org>:
You have taken responsibility. (Tue, 31 Jan 2023 12:30:06 GMT) (full text, mbox, link).


Notification sent to Krzysztof Krzyżaniak (eloy) <eloy@debian.org>:
Bug acknowledged by developer. (Tue, 31 Jan 2023 12:30:06 GMT) (full text, mbox, link).


Message #44 received at 1011121-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1011121-close@bugs.debian.org
Subject: Bug#1011121: fixed in wpa 2:2.10-11
Date: Tue, 31 Jan 2023 12:27:53 +0000
Source: wpa
Source-Version: 2:2.10-11
Done: Andrej Shadura <andrewsh@debian.org>

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011121@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrej Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 31 Jan 2023 12:58:02 +0100
Source: wpa
Architecture: source
Version: 2:2.10-11
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <wpa@packages.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 1011121
Changes:
 wpa (2:2.10-11) unstable; urgency=medium
 .
   * Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
     (Closes: #1011121, LP: #1958267)
   * Drop dependency on lsb-base.
Checksums-Sha1:
 1da211c1eb9e94dff4081ea4ead3db3885c7c330 2184 wpa_2.10-11.dsc
 22d8d572483bedd681aa4413cf82c0cfc7d6bce3 87616 wpa_2.10-11.debian.tar.xz
Checksums-Sha256:
 3afdc591ac63ab85eaedc1dcf61c602aecfd4d4158494e5da4d6f140b746c8dd 2184 wpa_2.10-11.dsc
 8ee19c18deab6ffefe883c0093b51b5406266c0c73bc2160beb30600d1fefec1 87616 wpa_2.10-11.debian.tar.xz
Files:
 9370da4c241654d1acf9ce55f5b8f872 2184 net optional wpa_2.10-11.dsc
 00f94d40a523ba753316d7a74ef6c554 87616 net optional wpa_2.10-11.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCY9kCcwAKCRDoRGtKyMdy
YYxRAQDz80iQjOAcLq0MU6yAqY+XFvColxNcGEqdq6x63tUsHAEA+zDJQnhlTZVQ
BeQGH1uI7OQzaHkvCc42Gv8eaOCBoQ4=
=Nd0T
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Mar 2023 07:25:51 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Mar 29 05:49:56 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.