#916460 wpasupplicant 2.6 breaks WPA-Enterprise authentication

Package:
wpasupplicant
Source:
wpa
Description:
client support for WPA and WPA2 (IEEE 802.11i)
Submitter:
Gabriel
Date:
2018-12-16 12:15:13 UTC
Severity:
normal
#916460#5
Date:
2018-12-14 17:45:56 UTC
From:
To:
wpasupplicant 2.6 doesn't authenticate correctly with WPA Enteprise
networks like eduroam.
My distribution is Debian testing and my wireless card is an Intel
Wireless 7260.
I tried do downgrade both wpasupplicant and openssl and I discovered
that using wpasupllicant 2.4 (available in the stable repository) the
bug doesn't appear, openssl doesn't seem to be involved in the bug.

This is the full wpa_supplicant log:

wpa_supplicant[1075]: wlan0: Trying to associate with 54:75:d0:3f:4d:2d
(SSID='eduroam' freq=5200 MHz)
wpa_supplicant[1075]: wlan0: Associated with 54:75:d0:3f:4d:2d
wpa_supplicant[1075]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication
started
wpa_supplicant[1075]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE
type=COUNTRY alpha2=IT
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=25 -> NAK
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0
method=21
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method
21 (TTLS) selected
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0
subject='/CN=eduradius-dr-2018'
hash=86fdb85978a8d3c9ba28e40f1f10415d49c0a595b8752556906d37ac9d1884fc
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0
subject='/CN=eduradius-dr-2018'
hash=86fdb85978a8d3c9ba28e40f1f10415d49c0a595b8752556906d37ac9d1884fc
wpa_supplicant[1075]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication
failed
wpa_supplicant[1075]: wlan0: Authentication with 54:75:d0:3f:4d:2d timed
out.
wpa_supplicant[1075]: wlan0: CTRL-EVENT-DISCONNECTED
bssid=54:75:d0:3f:4d:2d reason=3 locally_generated=1
wpa_supplicant[1075]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0
ssid="eduroam" auth_failures=2 duration=23 reason=AUTH_FAILED
wpa_supplicant[1075]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE
type=WORLD

#916460#10
Date:
2018-12-14 21:12:57 UTC
From:
To:
But does the older libssl1.1 work with the new wpasupplicant?
#916460#15
Date:
2018-12-14 21:12:57 UTC
From:
To:
But does the older libssl1.1 work with the new wpasupplicant?
#916460#20
Date:
2018-12-15 00:37:34 UTC
From:
To:
Il 2018-12-14 22:12 Andrej Shadura ha scritto:
No, it doesn't.

#916460#25
Date:
2018-12-15 00:37:34 UTC
From:
To:
Il 2018-12-14 22:12 Andrej Shadura ha scritto:
No, it doesn't.

#916460#30
Date:
2018-12-15 12:44:45 UTC
From:
To:
Could you please try wpa-supplicant 2.7 from experimental with a
downgraded libssl1.1?

#916460#35
Date:
2018-12-15 12:44:45 UTC
From:
To:
Could you please try wpa-supplicant 2.7 from experimental with a
downgraded libssl1.1?

#916460#40
Date:
2018-12-15 15:10:33 UTC
From:
To:
Il 2018-12-15 13:44 Andrej Shadura ha scritto:
openssl 1.1.0f-3+deb9u2
wpasupplicant 2:2.7-1

As soon as I'll be back in my University I'll report the result.

#916460#45
Date:
2018-12-15 15:10:33 UTC
From:
To:
Il 2018-12-15 13:44 Andrej Shadura ha scritto:
openssl 1.1.0f-3+deb9u2
wpasupplicant 2:2.7-1

As soon as I'll be back in my University I'll report the result.

#916460#50
Date:
2018-12-16 11:17:24 UTC
From:
To:
openssl ≠ libssl1.1. I meant libssl1.1, *not* openssl.
#916460#55
Date:
2018-12-16 11:17:24 UTC
From:
To:
openssl ≠ libssl1.1. I meant libssl1.1, *not* openssl.
#916460#60
Date:
2018-12-16 12:12:44 UTC
From:
To:
Il 2018-12-16 12:17 Andrej Shadura ha scritto:
sudo apt install libssl1.1=1.1.0f-3+deb9u2

Then apt ask  me to uninstall 381 packages that depends on the newer
version.
Is there a way to have both version and force wpasupplicant to use the
older?

#916460#65
Date:
2018-12-16 12:12:44 UTC
From:
To:
Il 2018-12-16 12:17 Andrej Shadura ha scritto:
sudo apt install libssl1.1=1.1.0f-3+deb9u2

Then apt ask  me to uninstall 381 packages that depends on the newer
version.
Is there a way to have both version and force wpasupplicant to use the
older?