FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly pauly at hrz.uni-marburg.de
Wed Jul 15 12:33:38 CEST 2020


Hi all,

I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster installation
(I compiled myself from the download package).
Despite an identical config (as compared to the predecessor with FR 3.017 on Debian Jessie),
some clients will not match the server cert to the chain provided.
Seemingly, these are all Apple supplicants and also eapol_test, see attached output
Any idea what's going wrong?

I've just seen there is FR 3.0.21 on buster-backports, are there any related changes
in there?

TIA, Martin

-- 
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: pauly at HRZ.Uni-Marburg.DE
   D-35032 Marburg
-------------- next part --------------
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
     65 78 61 6d 70 6c 65 2d 53 53 49 44               example-SSID    
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
     70 61 75 6c 79 31                                 pauly1          
anonymous_identity - hexdump_ascii(len=28):
     65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   eduroam at staff.un
     69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de    
password - hexdump_ascii(len=8):
     66 70 21 7a 6e 78 77 39                           fp!znxw9        
phase2 - hexdump_ascii(len=21):
     61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65   auth=MSCHAPV2 re
     74 72 79 3d 30                                    try=0           
ca_cert - hexdump_ascii(len=47):
     2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54   /etc/ssl/certs/T
     2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52   -TeleSec_GlobalR
     6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d      oot_Class_2.pem 
Priority group 0
   id=0 ssid='example-SSID'
Authentication server 172.25.1.26:1812
RADIUS local address: 172.25.1.160:45913
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
     65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   eduroam at staff.un
     69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de    
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=35
      Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
   Attribute 80 (Message-Authenticator) length=18
      Value: 86d03b7de229dd8f268c220ed72032d3
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
   Attribute 79 (EAP-Message) length=24
      Value: 01010016041052eeb339100a478aaacf977249c8f8fb
   Attribute 80 (Message-Authenticator) length=18
      Value: a29eb3252810bc87ee0666fddcf94db0
   Attribute 24 (State) length=18
      Value: 391ffa20391efeafcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
      Value: 020100060319
   Attribute 24 (State) length=18
      Value: 391ffa20391efeafcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: fd1abae9dfb5d75cfdeb3d940e055c2f
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
   Attribute 79 (EAP-Message) length=8
      Value: 010200061920
   Attribute 80 (Message-Authenticator) length=18
      Value: b16c10024374b93d9da30f2c81b2ddf2
   Attribute 24 (State) length=18
      Value: 391ffa20381de3afcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 01 0a
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=266): 01 00 01 06 03 03 e0 e6 48 03 b3 39 fd 92 6c 2b e0 78 b9 8e b6 2f 68 f6 3f 48 0c 1a d5 fa 93 1e 52 18 46 d3 be 93 00 00 8c c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv2/v3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv2/v3 read server hello A
SSL: SSL_connect - want more data
SSL: 271 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 271 bytes left to be sent out (of total 271 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xc75920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=281)
TX EAP -> RADIUS - hexdump(len=281): 02 02 01 19 19 80 00 00 01 0f 16 03 01 01 0a 01 00 01 06 03 03 e0 e6 48 03 b3 39 fd 92 6c 2b e0 78 b9 8e b6 2f 68 f6 3f 48 0c 1a d5 fa 93 1e 52 18 46 d3 be 93 00 00 8c c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=438
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=255
      Value: 0202011919800000010f160301010a010001060303e0e64803b339fd926c2be078b98eb62f68f63f480c1ad5fa931e521846d3be9300008cc030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f0096004100ff01000051000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a000d0020001e06010602060305
   Attribute 79 (EAP-Message) length=30
      Value: 0105020503040104020403030103020303020102020203000f000101
   Attribute 24 (State) length=18
      Value: 391ffa20381de3afcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: a996097078550960b6eda17dc785fb8a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
   Attribute 79 (EAP-Message) length=255
      Value: 010303ec19c000000f7916030300590200005503031dc652874100e74c9d85fad1dd1ebc192f7b83f82fdf02953d4c794e5bd6efc020b0a552e2dfa7e14925a26aa6908f950205b4ed98af66502822746927f4b22a93c03000000dff01000100000b0004030001021603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e06
   Attribute 79 (EAP-Message) length=255
      Value: 0355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a3219e77d16
   Attribute 79 (EAP-Message) length=255
      Value: b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd170203010001
   Attribute 79 (EAP-Message) length=247
      Value: a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e73746166662e
   Attribute 80 (Message-Authenticator) length=18
      Value: a30ddd7f5050e21de889461974fc50e7
   Attribute 24 (State) length=18
      Value: 391ffa203b1ce3afcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 3961
SSL: Need 2967 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xc766d0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
      Value: 020300061900
   Attribute 24 (State) length=18
      Value: 391ffa203b1ce3afcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: 81d8bd5d9231acdee360c45aaae215fa
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
   Attribute 79 (EAP-Message) length=255
      Value: 010403e81940756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474
   Attribute 79 (EAP-Message) length=255
      Value: 703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef04f9ce54
   Attribute 79 (EAP-Message) length=255
      Value: d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a3839a46fd8
   Attribute 79 (EAP-Message) length=243
      Value: 0a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145169be707
   Attribute 80 (Message-Authenticator) length=18
      Value: 9a5e9c1a11cdbcffa2b10f9e51ca2cb9
   Attribute 24 (State) length=18
      Value: 391ffa203a1be3afcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1973 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xc76b30
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
      Value: 020400061900
   Attribute 24 (State) length=18
      Value: 391ffa203a1be3afcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: 2dabc510af138ed3c3cbb7a852a5e674
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
   Attribute 79 (EAP-Message) length=255
      Value: 010503e81940d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f
   Attribute 79 (EAP-Message) length=255
      Value: 6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b4931253023
   Attribute 79 (EAP-Message) length=255
      Value: 06035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705243fb6a0
   Attribute 79 (EAP-Message) length=243
      Value: 0b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f048187308184
   Attribute 80 (Message-Authenticator) length=18
      Value: 74bb66532ade1c868631416fcde5991e
   Attribute 24 (State) length=18
      Value: 391ffa203d1ae3afcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 979 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xc771f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=8
      Value: 020500061900
   Attribute 24 (State) length=18
      Value: 391ffa203d1ae3afcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: 05f0df267a58448900f76720f1074fbe
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1049 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1049
   Attribute 79 (EAP-Message) length=255
      Value: 010603d919003040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c
   Attribute 79 (EAP-Message) length=255
      Value: 2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc1011973e960402
   Attribute 79 (EAP-Message) length=255
      Value: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d06160303014d0c0001490300174104316f6300a13a154402d2b055c35dd979bc201e2067984fe58bf4ef854b3a523e951a67792934ad97b7198e59112ee3098b11590375a4f0e68a8b792727d5cee4060101008310e5402c34b01aadb0b636d7e80e640e45fa0a09dd085ffc137c4fe74e489152cf5b9814716e
   Attribute 79 (EAP-Message) length=228
      Value: bbeb6ef2db65b33bfdac9e9d76412e7fc7be6baf2797823be855d307ed468c88f42ce9d2df94d113a97481c4cd4247c0fce09ecf765d52c2b13d9ed3a239f92bb5989b099d09262782997cc91b19d45254184643c67be28676c6b5d3b01455752a964c972023820fd97e2a8ba5e9bee3bdcc92cff4cafca99faebc0737860ecec44d6519b5af114b60a57ed63c86a65b23138db8d993b3f6129ae1e963197b3a256a44654573931c8bc5dc23d46b0a32b7e8fa7d3838c984bd91738a3e5eb533c238956559d187ba7b2815ba2b959a9aab2ed7d36f3aee087b16030300040e000000
   Attribute 80 (Message-Authenticator) length=18
      Value: 12d3f1b97daf731bdc0dc7ab70e01838
   Attribute 24 (State) length=18
      Value: 391ffa203c19e3afcf1ff065f787c307
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=985) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=985) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 59
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=89): 02 00 00 55 03 03 1d c6 52 87 41 00 e7 4c 9d 85 fa d1 dd 1e bc 19 2f 7b 83 f8 2f df 02 95 3d 4c 79 4e 5b d6 ef c0 20 b0 a5 52 e2 df a7 e1 49 25 a2 6a a6 90 8f 95 02 05 b4 ed 98 af 66 50 28 22 74 69 27 f4 b2 2a 93 c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 0d bb
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=3515): 0b 00 0d b7 00 0d b4 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' err='unable to get local issuer certificate'
EAP: Status notification: remote certificate verification (param=unable to get local issuer certificate)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 15 03 03 00 02
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): 02 30
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
EAP: Status notification: local TLS alert (param=unknown CA)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: Failed - tls_out available to report error (len=7)
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP-PEAP: TLS processing failed
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0xc8e460
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=17)
TX EAP -> RADIUS - hexdump(len=17): 02 06 00 11 19 80 00 00 00 07 15 03 03 00 02 02 30
Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=172
   Attribute 1 (User-Name) length=30
      Value: 'eduroam at staff.uni-marburg.de'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=19
      Value: 0206001119800000000715030300020230
   Attribute 24 (State) length=18
      Value: 391ffa203c19e3afcf1ff065f787c307
   Attribute 80 (Message-Authenticator) length=18
      Value: 1cece8f407723005584c6aaf6879920c
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=6 length=44
   Attribute 79 (EAP-Message) length=6
      Value: 04060004
   Attribute 80 (Message-Authenticator) length=18
      Value: ec6c397ebe63102f82f345f8d3967553
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=6 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200715/922abbc6/attachment-0001.bin>


More information about the Freeradius-Users mailing list