Ben wrote:
There's nothing wrong with the certs, they work perfectly well with EAP-TLS.
That doesn't necessarily mean anything. Some vendors have completely different implementations for the various EAP methods. If they were sane, they would all just use wpa_supplicant, which is BSD licensed. It's about as perfect as software gets.
If you've got ideas for debugging an Amazon Paperwhite, I'd love to hear them !
Change the certs. Make test certs. SIMPLE ones. Small keys. See if that works. The problem may be that the device doesn't like the certs. I've seen that before. The vendor tests with *their* idea of the certs, and "it works, so ship it". Then people use different certs, and nothing works. But as always, don't blame FR. It's just passing SSL stuff between the device and OpenSSL. If the SSL magic doesn't work, then (a) the client is broken, or (b) OpenSSL is broken. Alan DeKok.