Matt Zagrabelny <mzagrabe@d.umn.edu> wrote
It seems eapol_test needs a shared secret with the RADIUS server. I don't have that.
Ah I should have read more carefully. If you can wrest control of wpa_supplicant away from NetworkManager, and run it in the foreground with a lot of -d's it will dump its EAPOL traffic (including sensitive stuff). You'd be looking for several >= 1024 RX chunks followed by one smaller one with some messages about needing more data in between... that's sure to be the certificate chain as it's the biggest object transferred. Glue those chunks together (chop off 10 bytes I think at the start of each to get rid of the EAP header) and your certs are in there. You just have to concatinate those, unhex it, and figure out what parts to chop off to get each cert in the chain into some reasonable facsimili of a .DER file, I think, then use "openssl x509" to convert it to PEM or view it. But... the ASCII parts of the cert will immediately be visible with a simple strings command after unhexing. One afternoon of perl hackery and that all could be automated pretty easily...