Bug#962174: iwd: Failed to load trusted user certificate

Thu, 04 Jun 2020 01:33:26 -0700 

Package: iwd
Version: 1.7-1
Severity: normal

Hello,

it looks like the IWD is not able to load trusted user certificates.
Basically if the certificate is enclosed in

-----BEGIN TRUSTED CERTIFICATE-----
-----END TRUSTED CERTIFICATE-----

I'm always getting an error "Failed to load". Once the user cert is
converted using OpenSSL and is enclosed in

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

it can be loaded without any problem. But such a converted certificate
is not accepted by the RADIUS in my case.

Below is the network configuration file and related syslog output

[Security]
EAP-Method=TLS
EAP-Identity=someuser
EAP-TLS-ClientCert=/usr/local/share/ca-certificates/user.crt
EAP-TLS-ClientKey=/usr/local/share/ca-certificates/key.crt
EAP-TLS-CACert=/usr/local/share/ca-certificates/root.crt

Jun  2 01:19:41 somehost systemd[1]: Starting Wireless service...
Jun  2 01:19:41 somehost iwd[767]: No Diffie-Hellman support found,
WPS will not be available
Jun  2 01:19:41 somehost iwd[767]: The following options are missing
in the kernel:
Jun  2 01:19:41 somehost iwd[767]: #011CONFIG_KEY_DH_OPERATIONS
Jun  2 01:19:41 somehost iwd[767]: Wireless daemon version 1.7
Jun  2 01:19:41 somehost systemd[1]: Started Wireless service.
Jun  2 01:19:41 somehost iwd[767]: netconfig: Network configuration is disabled.
Jun  2 01:19:41 somehost iwd[767]: Wiphy: 0, Name: phy0
Jun  2 01:19:41 somehost iwd[767]: #011Permanent Address: dc:a6:32:49:d4:66
Jun  2 01:19:41 somehost iwd[767]: #011Bands: 2.4 GHz 5 GHz
Jun  2 01:19:41 somehost iwd[767]: #011Ciphers: CCMP TKIP BIP
Jun  2 01:19:41 somehost iwd[767]: #011Supported iftypes: ad-hoc
station ap p2p-client p2p-go p2p-device
Jun  2 01:19:41 somehost iwd[767]: Wiphy phy0 will only use the
default interface
Jun  2 01:19:41 somehost kernel: [  169.433109] brcmfmac:
brcmf_cfg80211_set_power_mgmt: power save disabled
Jun  2 01:19:41 somehost iwd[767]: Failed to load
/usr/local/share/ca-certificates/user.crt

Thanks!
Martin


-- System Information:
Debian Release: bullseye/sid
Architecture: armhf (armv7l)

Kernel: Linux 5.6.14-v7l+ (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iwd depends on:
ii  libc6         2.30-8+rpi1
ii  libreadline8  8.0-4

iwd recommends no packages.

iwd suggests no packages.

-- no debconf information

Reply via email to