-
wpa_supplicant v2.10 with OpenSSL v3.0.8 Issue description: I want to use PEAP+MSCHAPV2 authentication with openssl3.0.8 for windows NPS servers where GTC is not supported (only MSCHAPV2 is supported by default). Steps to reproduce: Observed behavior: Expected behavior: Log snippet:
Log snippet using eapol_test utility to test 802.1x authentication provided in wpa_supplicant:
Further, when debugging it is found NULL value is returned in the following code snippet of crypto/evp/digest.c
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 49 replies
-
Probably you need to load the legacy provider as the digest used for authorization is insecure and is absent in the default provider. See https://bugzilla.redhat.com/show_bug.cgi?id=2072070 for details |
Beta Was this translation helpful? Give feedback.
-
Further, came to know that in https://bugzilla.redhat.com/show_bug.cgi?id=2072070, the SSL error code is different to the issue reported here. Reference link log: Issue reported: or OpenSSL: EVP_DigestInit_ex failed: error:0308010C:digital envelope routines::unsupported |
Beta Was this translation helpful? Give feedback.
-
Again, could you please try enabling the legacy provider? I think the digest or cipher (or both) are not included into the default provider as MSCHAP2 was implemented in 1998 or so, according to Wikipedia |
Beta Was this translation helpful? Give feedback.
Try editing the corresponding part of OpenSSL config (usually somewhere in /etc) to make it look like