[Pkg-kde-extras] Bug#578101: Related bug reports

Ian D Flintoft idf1 at ohm.york.ac.uk
Thu Nov 4 10:46:24 UTC 2010 

Hello,

        I have tried the following with my squeeze laptop
which was fully up to date as of 08:00 on 4/11/2010:

wpasupplicant                  0.6.10-2
network-manager             0.8.1-3
network-manager-kde      1.0.9~svn1141976-1


knetworkmanager
============

  knetworkmanager using /etc/ssl/certs/Equifax_Secure_CA.pem

  Fails with errors in syslog as I reported to Debian bug  574714:

Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) starting connection 'eduroam'
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> (wlan0): device
state change: 3 -> 4 (reason 0)
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) scheduled...
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) started...
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) scheduled...
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) complete.
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) starting...
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> (wlan0): device
state change: 4 -> 5 (reason 0)
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0/wireless): access point 'eduroam' has security, but secrets are
required.
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> (wlan0): device
state change: 5 -> 6 (reason 0)
Nov  4 09:10:23 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) complete.
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) scheduled...
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) started...
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> (wlan0): device
state change: 6 -> 4 (reason 0)
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) scheduled...
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 1 of 5 (Device Prepare) complete.
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) starting...
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> (wlan0): device
state change: 4 -> 5 (reason 0)
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0/wireless): connection 'eduroam' has security, and secrets exist. 
No new secrets needed.
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'ssid' value 'eduroam'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'scan_ssid' value '1'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'key_mgmt' value 'WPA-EAP'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'password' value '<omitted>'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'eap' value 'PEAP'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'fragment_size' value '1300'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'phase2' value 'auth=MSCHAPV2'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'ca_path' value '/etc/ssl/certs/Equifax_Secure_CA.pem'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'ca_cert' value 'blob://-org-freedesktop-NetworkManagerSettings-6-ca_cert'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'identity' value '<omitted>'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: added
'anonymous_identity' value '<omitted>'
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Activation
(wlan0) Stage 2 of 5 (Device Configure) complete.
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> Config: set
interface ap_scan to 1
Nov  4 09:10:26 enterprise NetworkManager[1589]: <info> (wlan0):
supplicant connection state:  inactive -> scanning
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: Trying to associate
with 00:1a:1e:f6:4a:20 (SSID='eduroam' freq=2462 MHz)
Nov  4 09:10:29 enterprise NetworkManager[1589]: <info> (wlan0):
supplicant connection state:  scanning -> associating
Nov  4 09:10:29 enterprise kernel: [  141.188704] wlan0: direct probe to
AP 00:1a:1e:f6:4a:20 (try 1)
Nov  4 09:10:29 enterprise kernel: [  141.192916] wlan0: direct probe
responded
Nov  4 09:10:29 enterprise kernel: [  141.192923] wlan0: authenticate
with AP 00:1a:1e:f6:4a:20 (try 1)
Nov  4 09:10:29 enterprise kernel: [  141.193952] wlan0: authenticated
Nov  4 09:10:29 enterprise kernel: [  141.193977] wlan0: associate with
AP 00:1a:1e:f6:4a:20 (try 1)
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: Associated with
00:1a:1e:f6:4a:20
Nov  4 09:10:29 enterprise kernel: [  141.198586] wlan0: RX AssocResp
from 00:1a:1e:f6:4a:20 (capab=0x431 status=0 aid=2)
Nov  4 09:10:29 enterprise kernel: [  141.198591] wlan0: associated
Nov  4 09:10:29 enterprise kernel: [  141.199909]
ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: CTRL-EVENT-EAP-STARTED
EAP authentication started
Nov  4 09:10:29 enterprise NetworkManager[1589]: <info> (wlan0):
supplicant connection state:  associating -> associated
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: OpenSSL:
tls_connection_ca_cert - Failed to parse ca_cert_blob
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: OpenSSL: pending error:
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: TLS: Failed to set TLS
connection parameters
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: EAP-PEAP: Failed to
initialize SSL.
Nov  4 09:10:29 enterprise wpa_supplicant[1634]: EAP: Failed to
initialize EAP method: vendor 0 method 25 (PEAP)
Nov  4 09:10:30 enterprise wpa_supplicant[1634]: CTRL-EVENT-EAP-FAILURE
EAP authentication failed



nm-applet
=======

  Exactly same WPA settings as above using nm-applet.
  Using /etc/ssl/certs/Equifax_Secure_CA.pem
  Connects with no problems very quickly.


knetworkmanager  "base64 fix"
=====================

  # cat  /etc/ssl/certs/Equifax_Secure_CA.pem | grep -v "CERTIFICATE" |
base64 -d > /etc/ssl/certs/Equifax_Secure_CA.dem

  Use /etc/ssl/certs/Equifax_Secure_CA.dem.

  Reboot to be sure (see below)

  Connects OK.

 
Important Note
==========

 It appears that once nm-applet has been used to configure the interface
once
then knetworkamanger can bring up the interface again until reboot using
either
/etc/ssl/certs/Equifax_Secure_CA.pem or /etc/ssl/certs/Equifax_Secure_CA.dem

Is there some caching of certificates going on beneath the
nm-applet/knetworkmanager
level? This makes debugging a little tricky.  I rebooted after every
configuration
change to make sure.


Observations
=========

The file
~/.kde/share/apps/networkmanagement/connections/{baacee48-1409-4907-8fed-0be2ff3add46}
contains a copy of the pem certificate with the newline characters
escaped as '\n'. Any
chance this is not getting interpreted correctly somewhere?

My original contribution to the wpasupplicant bug #574714 was misplaced
and can
be disregarded.


Best Regards,

Ian



On 03/11/10 15:03, Kai Wasserbäch wrote:
> Hello Ian, hello Patrick,
> Ian D Flintoft schrieb am 03.11.2010 14:44:
>   
>> This appears to be KDE bug number  209673. There
>> is a long thread on the KDE bug tracker about this.
>>
>> [...]
>>
>> I will try and confirm if it works OK with the gnome
>> applet the next time I bring the laptop onto campus.
>>     
> in case this wasn't related to the workaround [0] mentioned in the upstream bug
> tracker: could you please try that too and report your findings?
>
> Kind regards,
> Kai Wasserbäch
>
> P.S.: I've set forwarded-to to the bug you've mentioned as I agree this seems to
> be the same.
>
>
> [0] <https://bugs.kde.org/209673#c25>
>
>
>
>   


-- 

Dr Ian David Flintoft                  Email: idf1 at ohm.york.ac.uk 
Physical Layer Research Group          Tel:   +44 (0) 1904 322391
Department of Electronics              Fax:   +44 (0) 1904 323224 
University of York        
Heslington               
YORK, UK          
YO10 5DD               http://www.elec.york.ac.uk/staff/idf1.html
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Email disclaimer: http://www.york.ac.uk/docs/disclaimer/email.htm

More information about the pkg-kde-extras mailing list