FR 3.0.21 on Debian Buster delivering strange cert+chain?
Martin Pauly
pauly at hrz.uni-marburg.de
Thu Jul 23 20:10:02 CEST 2020
Hi,
Am 19.07.20 um 14:58 schrieb Alan DeKok:
> IIRC, PEAP enables TLS compression by default (i.e. requires it), and TTLS doesn't. That might be the difference here.
just an update. Currently, it looks like we're heading for "corner case".
My limited ideas include exploring above mentioned TLS compression, some weird
effect of our unusually long realms (causing fragmentation, adding complexity--really??).
More testing, perhaps with a reduced, debugging-friendly setup, will be required.
And, of course, the SSL Flags (0x04 vs. 0x00) seen in the EAP packets are giving me headache.
Being far from understanding eap_tls.c, is eap_tls_compose() the function where
the message triggering failure is assembled? From RFC 2716, sec. 4.2, I would conclude
that a Flags octet of 0x04 means that the S (start) bit is set, is this right?
And regardless, should this really differ between libssl versions at this step
of the EAP-TLS negotiation?
Another observation:
thm.de is running the exact combination of Debian Buster with 1.1.1d-0+deb10u3:amd64
and FR 3.0.21 Packets and very similar TLS config (thx to Sven). Through
our radsec proxy servers, I can trigger an eapol_test simulating some THM eduoram user.
Not having a real account, I get rejected, but the cert verification is 100% fine,
as with their real clients. For completeness, the eapol_test output is attached.
I'm on vacation for the next two weeks, so delayed replies to any comments
should not be seen as lack of interest.
Thanks to everyone for looking into this so far
Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
Reading configuration file 'peap-mschapv2-thm.de.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
65 78 61 6d 70 6c 65 2d 53 53 49 44 example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=8):
74 65 73 74 75 73 65 72 testuser
anonymous_identity - hexdump_ascii(len=14):
65 64 75 72 6f 61 6d 40 74 68 6d 2e 64 65 eduroam at thm.de
password - hexdump_ascii(len=8):
74 65 73 74 70 61 73 73 testpass
phase2 - hexdump_ascii(len=21):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65 auth=MSCHAPV2 re
74 72 79 3d 30 try=0
ca_cert - hexdump_ascii(len=47):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54 /etc/ssl/certs/T
2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 -TeleSec_GlobalR
6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d oot_Class_2.pem
Priority group 0
id=0 ssid='example-SSID'
Authentication server 137.248.16.2:1812
RADIUS local address: 172.25.1.26:38816
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=14):
65 64 75 72 6f 61 6d 40 74 68 6d 2e 64 65 eduroam at thm.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=19)
TX EAP -> RADIUS - hexdump(len=19): 02 00 00 13 01 65 64 75 72 6f 61 6d 40 74 68 6d 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=14): 65 64 75 72 6f 61 6d 40 74 68 6d 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=142
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=21
Value: 0200001301656475726f616d4074686d2e6465
Attribute 80 (Message-Authenticator) length=18
Value: e10c6ac0d9f116a2508aaf14f44b19fb
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=64
Attribute 79 (EAP-Message) length=8
Value: 010100061920
Attribute 80 (Message-Authenticator) length=18
Value: 5148ce00b9be31bfb2635de10848c96b
Attribute 24 (State) length=18
Value: 36756a57367473b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 01 0a
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=266): 01 00 01 06 03 03 c9 a1 36 41 46 e1 cd 1c 91 0a 57 7e 84 56 88 99 0b 26 9b 0d 1a 3c 46 f9 db 4f 82 d7 d7 b2 c6 b7 00 00 8c c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv2/v3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv2/v3 read server hello A
SSL: SSL_connect - want more data
SSL: 271 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 271 bytes left to be sent out (of total 271 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9d830
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=281)
TX EAP -> RADIUS - hexdump(len=281): 02 01 01 19 19 80 00 00 01 0f 16 03 01 01 0a 01 00 01 06 03 03 c9 a1 36 41 46 e1 cd 1c 91 0a 57 7e 84 56 88 99 0b 26 9b 0d 1a 3c 46 f9 db 4f 82 d7 d7 b2 c6 b7 00 00 8c c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=424
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=255
Value: 0201011919800000010f160301010a010001060303c9a1364146e1cd1c910a577e845688990b269b0d1a3c46f9db4f82d7d7b2c6b700008cc030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f0096004100ff01000051000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a000d0020001e06010602060305
Attribute 79 (EAP-Message) length=30
Value: 0105020503040104020403030103020303020102020203000f000101
Attribute 24 (State) length=18
Value: 36756a57367473b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 5296f3d6fbcd7ad4e11857eff8623c26
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1080 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1080
Attribute 79 (EAP-Message) length=255
Value: 010203f619c000001658160303003902000035030371143b0ce82e9bd40c349da31b31b41e480c6d94df5d2f5e627460ab646209c100c03000000dff01000100000b00040300010216030314ba0b0014b60014b30009e4308209e0308208c8a003020102020c1f9b3522565dbabfb04d182c300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265
Attribute 79 (EAP-Message) length=255
Value: 696e20476c6f62616c2049737375696e67204341301e170d3138303832313036353632325a170d3230313132323036353632325a308181310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074769657373656e312b3029060355040a0c22546563686e697363686520486f6368736368756c65204d697474656c68657373656e310c300a060355040b0c034954533114301206035504030c0b776c616e2e74686d2e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100cfc07dbf897772a0452976b958516738ca791978e8b0868530320637ce64e3ebf98973df
Attribute 79 (EAP-Message) length=255
Value: c04b1ac7894bedbee1c35fbd9410cd1fcd0137a60553724c7164d0d6a9569bf0a14bc3b5aed57a9b9d380eab790a626be8cfeccaf79c60bbbee48db521057f155080832445781e68699bfbeeea4f8a5e36d749190c38ef48444428b035ff529bcdbdce21d34f23b8ad246c564eb0a5d4c3ece4a7ebd617c17df10ac29e28dc2d57a882a27315ac0c321aef109bfd2c504734988ea071b249f0eb8f62a07570921a1cc893e3dabbaef2ca9887856260fbfcbe2ddb2aba18dd5192349f1875851c7befe44d0256724707c51cc51446fc3aef1a4a374e322c8dd276a51f0203010001a38206483082064430590603551d20045230503008060667810c0102
Attribute 79 (EAP-Message) length=255
Value: 02300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043011060f2b0601040181ad21822c01010403083011060f2b0601040181ad21822c020104030830090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e0416041487de6754025ab3e200fbd89d6274b821158661b5301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d820b776c616e2e74686d2e6465820e656475726f616d2e74686d2e646530818d0603551d1f048185308182303fa03da03b
Attribute 79 (EAP-Message) length=4
Value: 8639
Attribute 80 (Message-Authenticator) length=18
Value: ed0a378e8b6884879fa9705c7f85549f
Attribute 24 (State) length=18
Value: 36756a57377773b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=1014) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1014) - Flags 0xc0
SSL: TLS Message Length: 5720
SSL: Need 4716 bytes more input data
SSL: Building ACK (type=25 id=2 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9e690
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 02 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020200061900
Attribute 24 (State) length=18
Value: 36756a57377773b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: a139231de204e9d8e4a2ba781d080ea5
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1074 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1074
Attribute 79 (EAP-Message) length=255
Value: 010303f21940687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d6732
Attribute 79 (EAP-Message) length=255
Value: 2f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308203d5060a2b06010401d679020402048203c5048203c103bf0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913000001655b453eff000004030047304502206a1120e6335c97f61f567ec3806caad1ec0ab341124d50acd65eed72549396e2022100bc7bd610fa9f3324e5bdd29e380a8473f81010a4282cd0ebf6cf0effc3244ba3007600ee4bbdb775ce60
Attribute 79 (EAP-Message) length=255
Value: bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb000001655b453ef20000040300473045022046d7811f3baa3e4b2d4197db20e5878eabbeed833827336ce2db329108b3c05c0221009c356a88fea385c6d099866d02eadd5a2d5b22f55836b4e0529670389bd501120077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001655b453ff00000040300483046022100e7add9d7593e1e69cfa98bd7b280b06fc87b9b8062cb308c797e3a449e8380d2022100e42de61181724eda650599bc76a69a8d71e3416e4fcb212f27ca7cbc904590e2007600bbd9dfbc1f8a71b593942397aa927b47385795
Attribute 79 (EAP-Message) length=253
Value: 0aab52e81a909664368e1ed185000001655b4541240000040300473045022100b926b664607eba631810de01c1bc947a8e576e0c9f9e96bd85afe6a4fbed9cd60220059c96b88204a7f2da3ecf58b090204f08b6a03d9c1b19c1b7f5992968561e13007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001655b45414400000403004630440220448148f963c50f8d647c067776371a18a83d3228534b3023f5776e87aa3cba7702200b59aa9a6303afa070a6c4e4f46fb81eb189c28dc2af99da6a500d11ac34613c007600aae70b7f3cb8d566c86c2f16979c9f445f69ab0eb4535589b2f77a030104f3
Attribute 80 (Message-Authenticator) length=18
Value: ec106e1158e7d40ffa5f29a8e5203a03
Attribute 24 (State) length=18
Value: 36756a57347673b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0x40
SSL: Need 3712 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9eaf0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020300061900
Attribute 24 (State) length=18
Value: 36756a57347673b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 3d3feb5d5d4140114d66f82d9202be55
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1074 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1074
Attribute 79 (EAP-Message) length=255
Value: 010403f21940cd000001655b453ea20000040300473045022100ddc4dfff256052eecb138dd8063759455b3c3c461f603e20e2cd260facaa6209022034c5c045e3a7445f3c2f60616b80735b60bc4ca510ced4177411a2591b455a0b0075005ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558000001655b454539000004030046304402202e81140c1d54c36b50684926de8522e219385df18fa6ffd87335197c628e9c7202205806375fc9b37a976c67d41031f0ba1a92bd2a1ae592d56bea6073688ea33a0c007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e000001655b4543
Attribute 79 (EAP-Message) length=255
Value: 2a0000040300473045022016914d66851b7a2ad500be4e3b896df28691a14d14228213041bc06d0cf54c6a022100ea0e581fafbd8912234a8b883e30bdc721b21cc519c4129339af5deae1b492ed300d06092a864886f70d01010b05000382010100815695790d7416a1da44108c0050ac1a83bc26db144551d21d66c610b923d2ca3c4f0a295c91944d6fdd7ebb314f8b1e474aaea688cdb838a9e12233eea97831a453d519ea7c8379ebdf109df196e493188091df2c11272107d0a17245aa8e1f0f5777767ba7f358af8c1f399a5799c0ce9442c399e968db96d70579ac73afd9c89630ad20202827cb148ab9b298e3cf6821bdca05d5d127328662
Attribute 79 (EAP-Message) length=255
Value: 01969e5db4634fe1cfa5dc73d4eae3809c0e0629421c7373fbd9e03fc8f0d0e789fc906acec6686225e718a6be5b950349378810502f052d3cd66199bd0c555f1eeef995c9b8cf8dddc353c6ea82aaf10283b71e8146f9ecb5161f1e67ec73149ea1489b3d0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b060355
Attribute 79 (EAP-Message) length=253
Value: 0403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b
Attribute 80 (Message-Authenticator) length=18
Value: 0e03b9585e26f64a5782018792a7af82
Attribute 24 (State) length=18
Value: 36756a57357173b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0x40
SSL: Need 2708 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9f1b0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020400061900
Attribute 24 (State) length=18
Value: 36756a57357173b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 39e0026253a7190bf00b422a9fcb320f
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1074 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1074
Attribute 79 (EAP-Message) length=255
Value: 010503f21940791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705243fb6a00b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807c
Attribute 79 (EAP-Message) length=255
Value: b8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f0481873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a6874
Attribute 79 (EAP-Message) length=255
Value: 74703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d
Attribute 79 (EAP-Message) length=253
Value: 67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc1011973e9604025c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302
Attribute 80 (Message-Authenticator) length=18
Value: 3b079493f3b005c55204013aef60bca4
Attribute 24 (State) length=18
Value: 36756a57327073b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0x40
SSL: Need 1704 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9ec50
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020500061900
Attribute 24 (State) length=18
Value: 36756a57327073b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 52b9d367e1c9fd7b31ea2cad2ca0389f
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1074 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1074
Attribute 79 (EAP-Message) length=255
Value: 010603f21940bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d0600051630820512308203faa003020102020900e30bd5f8af25d981300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732032301e170d3136303232323133333832325a170d33
Attribute 79 (EAP-Message) length=255
Value: 31303232323233353935395a308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f72697479203230820122300d06092a864886f70d01010105000382010f003082010a0282010100cb60d7ff66a141cdd2fa87978a73ab994dea67395aa1608047154e8c95b2e5cfced3574b8dcef8566c15557607ea46fdc80345633e70d4ab
Attribute 79 (EAP-Message) length=255
Value: 5480b1239cbe3728a909ff055d180fc4989937b320f666781787c29d0ecc4a32e7169dae0e8d297907002054dc155f4a96d778b634d3c174b59de9bfc0774deabd5907e05a2f6c3ca500dc35bd650d8f7f326df25a6a4b6201eeac38345945364905da78ca6a6d5bc0816b11ccd23ca88bf8711aca3be280dd16b4677a8b36ea4e91293db3515cada80cbe9d34e3d10d178375c4391eb0940b12f1d5698e25f4b83d2bbfc08ec31e3ba5bf5510ab2aae17975e33cec8f3f40907e3028631466b01c5100c11c759e90203010001a382017430820170300e0603551d0f0101ff040403020106301d0603551d0e0416041493e3d83226dad5f14aa5914ae0
Attribute 79 (EAP-Message) length=253
Value: ea4be2a20ccfe1301f0603551d23041830168014bf5920360079a0a0226b8cd5f261d2b82ccb824a30120603551d130101ff040830060101ff02010230330603551d20042c302a300f060d2b0601040181ad21822c010104300d060b2b0601040181ad21822c1e3008060667810c010202304c0603551d1f044530433041a03fa03d863b687474703a2f2f706b69303333362e74656c657365632e64652f726c2f54656c655365635f476c6f62616c526f6f745f436c6173735f322e63726c30818606082b06010505070101047a3078302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63
Attribute 80 (Message-Authenticator) length=18
Value: 4414f8459a29c67c5f780ecaf6696ee3
Attribute 24 (State) length=18
Value: 36756a57337373b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0x40
SSL: Need 700 bytes more input data
SSL: Building ACK (type=25 id=6 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9b9f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 06 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020600061900
Attribute 24 (State) length=18
Value: 36756a57337373b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 3fa4758a96ee89d90d97cd285a22547d
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 768 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=768
Attribute 79 (EAP-Message) length=255
Value: 010702c21900737072304806082b06010505073002863c687474703a2f2f706b69303333362e74656c657365632e64652f6372742f54656c655365635f476c6f62616c526f6f745f436c6173735f322e636572300d06092a864886f70d01010b05000382010100870bff3e029b65c8562dd63b9a988b714fdaba29aa21f9462ef5b2a40fae11387938b30e74ba765d9ee818829662db4c33e8ddf96adf32bd2c4c4760557fe7746bb42c83d8796bb6b74d500b6607b5edb397adeaee7f30e699fd22e2724d3e845beef9cf99ea7fd752392eac9800447e693bbf75eed00b3b1acde5f70f226c4784f6a547a0fdd01a347dadd23d77b3eef4d74dffc3e8
Attribute 79 (EAP-Message) length=255
Value: e5924f593e9047104ab08558c06f7ff8aeed08429e1ed4df142e4d8fbc9e94c3e7edf618f83c49e726a8a736d82cde22cd8b82d8d978e25512a33b8744b6110bd50c52af698c0f06dfd0a2538b57987bcffd0724f4fcbdc3fd4a9202971bf2b7b6cf658a1aa2b5721939160303014d0c000149030017410442260e4f783fff3a23069d5c46c3982e5e405ff2d47e303892a9a255fb0f6f6ef82465141ac70a91142de470ed792d57d1cfd7d2866904271567bc25fef16b71040101001dc2fccd00ef290a00c410b64cd5ca2abfbae9b52eb22a976a1f121b2c24cadd8e67eeb0a18ccfa7a70347b913ad0775e6991c3057b5883145e54377a18ab2f0a6
Attribute 79 (EAP-Message) length=202
Value: 706c8e53edbc2be68944796df83f207c5bde3a3390cad9de9a6bfbd0e340856ce95cb036c288a57ae4adbbeee50e3f350bb0e947d812b7ae5223525f4f8abe1a41cd9ec9f09f1a435284d058b7a40525f46c48153669e52f67789b545a14d3966066d1955e3b539852dc57a93bd7d84d678b56f6642038aeaa6aac6ba96d5101dcd31284878424fb586f0ccf4400276b30811dc7f4ed7aec2e80b00df66775e2912188791a368529b805707d2b25bf4653963d536d828d6adebf0e581eebce16030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 27090fb46c2c0821e9191a88c1604756
Attribute 24 (State) length=18
Value: 36756a57307273b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=706) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=706) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 39
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=57): 02 00 00 35 03 03 71 14 3b 0c e8 2e 9b d4 0c 34 9d a3 1b 31 b4 1e 48 0c 6d 94 df 5d 2f 5e 62 74 60 ab 64 62 09 c1 00 c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 14 ba
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=5306): 0b 00 14 b6 00 14 b3 00 09 e4 30 82 09 e0 30 82 08 c8 a0 03 02 01 02 02 0c 1f 9b 35 22 56 5d ba bf b0 4d 18 2c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 31 38 30 38 32 31 30 36 35 36 32 32 5a 17 0d 32 30 31 31 32 32 30 36 35 36 32 32 5a 30 81 81 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 47 69 65 73 73 65 6e 31 2b 30 29 06 03 55 04 0a 0c 22 54 65 63 68 6e 69 73 63 68 65 20 48 6f 63 68 73 63 68 75 6c 65 20 4d 69 74 74 65 6c 68 65 73 73 65 6e 31 0c 30 0a 06 03 55 04 0b 0c 03 49 54 53 31 14 30 12 06 03 55 04 03 0c 0b 77 6c 61 6e 2e 74 68 6d 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cf c0 7d bf 89 77 72 a0 45 29 76 b9 58 51 67 38 ca 79 19 78 e8 b0 86 85 30 32 06 37 ce 64 e3 eb f9 89 73 df c0 4b 1a c7 89 4b ed be e1 c3 5f bd 94 10 cd 1f cd 01 37 a6 05 53 72 4c 71 64 d0 d6 a9 56 9b f0 a1 4b c3 b5 ae d5 7a 9b 9d 38 0e ab 79 0a 62 6b e8 cf ec ca f7 9c 60 bb be e4 8d b5 21 05 7f 15 50 80 83 24 45 78 1e 68 69 9b fb ee ea 4f 8a 5e 36 d7 49 19 0c 38 ef 48 44 44 28 b0 35 ff 52 9b cd bd ce 21 d3 4f 23 b8 ad 24 6c 56 4e b0 a5 d4 c3 ec e4 a7 eb d6 17 c1 7d f1 0a c2 9e 28 dc 2d 57 a8 82 a2 73 15 ac 0c 32 1a ef 10 9b fd 2c 50 47 34 98 8e a0 71 b2 49 f0 eb 8f 62 a0 75 70 92 1a 1c c8 93 e3 da bb ae f2 ca 98 87 85 62 60 fb fc be 2d db 2a ba 18 dd 51 92 34 9f 18 75 85 1c 7b ef e4 4d 02 56 72 47 07 c5 1c c5 14 46 fc 3a ef 1a 4a 37 4e 32 2c 8d d2 76 a5 1f 02 03 01 00 01 a3 82 06 48 30 82 06 44 30 59 06 03 55 1d 20 04 52 30 50 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 11 06 0f 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 03 08 30 11 06 0f 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 03 08 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 87 de 67 54 02 5a b3 e2 00 fb d8 9d 62 74 b8 21 15 86 61 b5 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 0b 77 6c 61 6e 2e 74 68 6d 2e 64 65 82 0e 65 64 75 72 6f 61 6d 2e 74 68 6d 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 03 d5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 03 c5 04 82 03 c1 03 bf 00 76 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 65 5b 45 3e ff 00 00 04 03 00 47 30 45 02 20 6a 11 20 e6 33 5c 97 f6 1f 56 7e c3 80 6c aa d1 ec 0a b3 41 12 4d 50 ac d6 5e ed 72 54 93 96 e2 02 21 00 bc 7b d6 10 fa 9f 33 24 e5 bd d2 9e 38 0a 84 73 f8 10 10 a4 28 2c d0 eb f6 cf 0e ff c3 24 4b a3 00 76 00 ee 4b bd b7 75 ce 60 ba e1 42 69 1f ab e1 9e 66 a3 0f 7e 5f b0 72 d8 83 00 c4 7b 89 7a a8 fd cb 00 00 01 65 5b 45 3e f2 00 00 04 03 00 47 30 45 02 20 46 d7 81 1f 3b aa 3e 4b 2d 41 97 db 20 e5 87 8e ab be ed 83 38 27 33 6c e2 db 32 91 08 b3 c0 5c 02 21 00 9c 35 6a 88 fe a3 85 c6 d0 99 86 6d 02 ea dd 5a 2d 5b 22 f5 58 36 b4 e0 52 96 70 38 9b d5 01 12 00 77 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 65 5b 45 3f f0 00 00 04 03 00 48 30 46 02 21 00 e7 ad d9 d7 59 3e 1e 69 cf a9 8b d7 b2 80 b0 6f c8 7b 9b 80 62 cb 30 8c 79 7e 3a 44 9e 83 80 d2 02 21 00 e4 2d e6 11 81 72 4e da 65 05 99 bc 76 a6 9a 8d 71 e3 41 6e 4f cb 21 2f 27 ca 7c bc 90 45 90 e2 00 76 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 65 5b 45 41 24 00 00 04 03 00 47 30 45 02 21 00 b9 26 b6 64 60 7e ba 63 18 10 de 01 c1 bc 94 7a 8e 57 6e 0c 9f 9e 96 bd 85 af e6 a4 fb ed 9c d6 02 20 05 9c 96 b8 82 04 a7 f2 da 3e cf 58 b0 90 20 4f 08 b6 a0 3d 9c 1b 19 c1 b7 f5 99 29 68 56 1e 13 00 75 00 a4 b9 09 90 b4 18 58 14 87 bb 13 a2 cc 67 70 0a 3c 35 98 04 f9 1b df b8 e3 77 cd 0e c8 0d dc 10 00 00 01 65 5b 45 41 44 00 00 04 03 00 46 30 44 02 20 44 81 48 f9 63 c5 0f 8d 64 7c 06 77 76 37 1a 18 a8 3d 32 28 53 4b 30 23 f5 77 6e 87 aa 3c ba 77 02 20 0b 59 aa 9a 63 03 af a0 70 a6 c4 e4 f4 6f b8 1e b1 89 c2 8d c2 af 99 da 6a 50 0d 11 ac 34 61 3c 00 76 00 aa e7 0b 7f 3c b8 d5 66 c8 6c 2f 16 97 9c 9f 44 5f 69 ab 0e b4 53 55 89 b2 f7 7a 03 01 04 f3 cd 00 00 01 65 5b 45 3e a2 00 00 04 03 00 47 30 45 02 21 00 dd c4 df ff 25 60 52 ee cb 13 8d d8 06 37 59 45 5b 3c 3c 46 1f 60 3e 20 e2 cd 26 0f ac aa 62 09 02 20 34 c5 c0 45 e3 a7 44 5f 3c 2f 60 61 6b 80 73 5b 60 bc 4c a5 10 ce d4 17 74 11 a2 59 1b 45 5a 0b 00 75 00 5e a7 73 f9 df 56 c0 e7 b5 36 48 7d d0 49 e0 32 7a 91 9a 0c 84 a1 12 12 84 18 75 96 81 71 45 58 00 00 01 65 5b 45 45 39 00 00 04 03 00 46 30 44 02 20 2e 81 14 0c 1d 54 c3 6b 50 68 49 26 de 85 22 e2 19 38 5d f1 8f a6 ff d8 73 35 19 7c 62 8e 9c 72 02 20 58 06 37 5f c9 b3 7a 97 6c 67 d4 10 31 f0 ba 1a 92 bd 2a 1a e5 92 d5 6b ea 60 73 68 8e a3 3a 0c 00 76 00 b2 1e 05 cc 8b a2 cd 8a 20 4e 87 66 f9 2b b9 8a 25 20 67 6b da fa 70 e7 b2 49 53 2d ef 8b 90 5e 00 00 01 65 5b 45 43 2a 00 00 04 03 00 47 30 45 02 20 16 91 4d 66 85 1b 7a 2a d5 00 be 4e 3b 89 6d f2 86 91 a1 4d 14 22 82 13 04 1b c0 6d 0c f5 4c 6a 02 21 00 ea 0e 58 1f af bd 89 12 23 4a 8b 88 3e 30 bd c7 21 b2 1c c5 19 c4 12 93 39 af 5d ea e1 b4 92 ed 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 56 95 79 0d 74 16 a1 da 44 10 8c 00 50 ac 1a 83 bc 26 db 14 45 51 d2 1d 66 c6 10 b9 23 d2 ca 3c 4f 0a 29 5c 91 94 4d 6f dd 7e bb 31 4f 8b 1e 47 4a ae a6 88 cd b8 38 a9 e1 22 33 ee a9 78 31 a4 53 d5 19 ea 7c 83 79 eb df 10 9d f1 96 e4 93 18 80 91 df 2c 11 27 21 07 d0 a1 72 45 aa 8e 1f 0f 57 77 76 7b a7 f3 58 af 8c 1f 39 9a 57 99 c0 ce 94 42 c3 99 e9 68 db 96 d7 05 79 ac 73 af d9 c8 96 30 ad 20 20 28 27 cb 14 8a b9 b2 98 e3 cf 68 21 bd ca 05 d5 d1 27 32 86 62 01 96 9e 5d b4 63 4f e1 cf a5 dc 73 d4 ea e3 80 9c 0e 06 29 42 1c 73 73 fb d9 e0 3f c8 f0 d0 e7 89 fc 90 6a ce c6 68 62 25 e7 18 a6 be 5b 95 03 49 37 88 10 50 2f 05 2d 3c d6 61 99 bd 0c 55 5f 1e ee f9 95 c9 b8 cf 8d dd c3 53 c6 ea 82 aa f1 02 83 b7 1e 81 46 f9 ec b5 16 1f 1e 67 ec 73 14 9e a1 48 9b 3d 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05 16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09 00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04 0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74 65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73 20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16 54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20 43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c 1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61 6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17 0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa 87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15 4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15 55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80 b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99 37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16 9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7 78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59 07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32 6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05 da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8 71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91 29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83 75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d 2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97 5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5 10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30 82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf 59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c 30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03 55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b 06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b 06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f 6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01 05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56 2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c 4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7 4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99 fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52 39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34 7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f 59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08 42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6 18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82 d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52 af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07 24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65 8a 1a a2 b5 72 19 39
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=3 buf='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2'
CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2' hash=91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=2 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2'
CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2' hash=f660b0c256481cb2bfc67661c1ea8feee395b7141bcac36c36e04d08cd9e1582
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' hash=1257aac2f4eeac6ca4942c2c83f0b67b41a3b47120c4d53429929513acad468c
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=DE/ST=Hessen/L=Giessen/O=Technische Hochschule Mittelhessen/OU=ITS/CN=wlan.thm.de'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/ST=Hessen/L=Giessen/O=Technische Hochschule Mittelhessen/OU=ITS/CN=wlan.thm.de' hash=1b22757b5f19a15e7d59e799e7b191827893a9e11a1fe1b32013b3bbcaf8ec40
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wlan.thm.de
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.thm.de
EAP: Status notification: remote certificate verification (param=success)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 4d
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): 0c 00 01 49 03 00 17 41 04 42 26 0e 4f 78 3f ff 3a 23 06 9d 5c 46 c3 98 2e 5e 40 5f f2 d4 7e 30 38 92 a9 a2 55 fb 0f 6f 6e f8 24 65 14 1a c7 0a 91 14 2d e4 70 ed 79 2d 57 d1 cf d7 d2 86 69 04 27 15 67 bc 25 fe f1 6b 71 04 01 01 00 1d c2 fc cd 00 ef 29 0a 00 c4 10 b6 4c d5 ca 2a bf ba e9 b5 2e b2 2a 97 6a 1f 12 1b 2c 24 ca dd 8e 67 ee b0 a1 8c cf a7 a7 03 47 b9 13 ad 07 75 e6 99 1c 30 57 b5 88 31 45 e5 43 77 a1 8a b2 f0 a6 70 6c 8e 53 ed bc 2b e6 89 44 79 6d f8 3f 20 7c 5b de 3a 33 90 ca d9 de 9a 6b fb d0 e3 40 85 6c e9 5c b0 36 c2 88 a5 7a e4 ad bb ee e5 0e 3f 35 0b b0 e9 47 d8 12 b7 ae 52 23 52 5f 4f 8a be 1a 41 cd 9e c9 f0 9f 1a 43 52 84 d0 58 b7 a4 05 25 f4 6c 48 15 36 69 e5 2f 67 78 9b 54 5a 14 d3 96 60 66 d1 95 5e 3b 53 98 52 dc 57 a9 3b d7 d8 4d 67 8b 56 f6 64 20 38 ae aa 6a ac 6b a9 6d 51 01 dc d3 12 84 87 84 24 fb 58 6f 0c cf 44 00 27 6b 30 81 1d c7 f4 ed 7a ec 2e 80 b0 0d f6 67 75 e2 91 21 88 79 1a 36 85 29 b8 05 70 7d 2b 25 bf 46 53 96 3d 53 6d 82 8d 6a de bf 0e 58 1e eb ce
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 46
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): 10 00 00 42 41 04 13 51 c0 9b bb 7d f8 f4 f7 5d cf 3d c7 a2 10 5d 37 8a e4 b7 2a bd 9e 9f 2d 70 bb 35 b4 13 95 4e 30 1a 68 4c cc 53 ff cd 44 e9 58 35 5b 20 3b f4 d6 10 bf 3d d7 f2 78 44 01 d1 ad 0b d5 a7 86 a1
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 71 95 b3 04 fa 05 62 f4 09 2e b8 c1
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in unknown state
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in unknown state
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xbbdf10
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=136)
TX EAP -> RADIUS - hexdump(len=136): 02 07 00 88 19 80 00 00 00 7e 16 03 03 00 46 10 00 00 42 41 04 13 51 c0 9b bb 7d f8 f4 f7 5d cf 3d c7 a2 10 5d 37 8a e4 b7 2a bd 9e 9f 2d 70 bb 35 b4 13 95 4e 30 1a 68 4c cc 53 ff cd 44 e9 58 35 5b 20 3b f4 d6 10 bf 3d d7 f2 78 44 01 d1 ad 0b d5 a7 86 a1 14 03 03 00 01 01 16 03 03 00 28 19 fe 57 76 46 ec 88 6d 72 1e 9d da 1a 1e a7 8f b7 3d 14 15 74 f9 cc 35 96 a5 a1 68 ce 07 82 4b e3 ea 63 c0 b8 d3 f7 af
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=277
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=138
Value: 0207008819800000007e16030300461000004241041351c09bbb7df8f4f75dcf3dc7a2105d378ae4b72abd9e9f2d70bb35b413954e301a684ccc53ffcd44e958355b203bf4d610bf3dd7f2784401d1ad0bd5a786a1140303000101160303002819fe577646ec886d721e9dda1a1ea78fb73d141574f9cc3596a5a168ce07824be3ea63c0b8d3f7af
Attribute 24 (State) length=18
Value: 36756a57307273b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: afa6b0f7c47fce5bd740a872af3e0579
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=115
Attribute 79 (EAP-Message) length=59
Value: 01080039190014030300010116030300280fd68d4b19060658904277a06138c333311fcdb3599091d039495d5758d3976496835893c8facd12
Attribute 80 (Message-Authenticator) length=18
Value: fea63cd80dd13eff29bea6b76d36d6f0
Attribute 24 (State) length=18
Value: 36756a57317d73b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.07 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=57) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: RX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 62 3e cc 79 b1 80 6a 5f bf 34 6c bf
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:unknown state
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): d4 77 09 ff 4b 16 03 f8 2d 1a 4d 11 6c 9a 08 08 ae 33 ed 00 2b 99 96 59 89 bd ba 84 47 b7 43 cd 4e a5 ac ff 26 ed ad 09 30 9d d1 cb 06 5f ca 22 e5 20 1a 22 a2 19 d2 bb 9e e6 13 49 60 0b 16 f4
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 c9 a1 36 41 46 e1 cd 1c 91 0a 57 7e 84 56 88 99 0b 26 9b 0d 1a 3c 46 f9 db 4f 82 d7 d7 b2 c6 b7 71 14 3b 0c e8 2e 9b d4 0c 34 9d a3 1b 31 b4 1e 48 0c 6d 94 df 5d 2f 5e 62 74 60 ab 64 62 09 c1
SSL: Building ACK (type=25 id=8 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9aed0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 08 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=147
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020800061900
Attribute 24 (State) length=18
Value: 36756a57317d73b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: ac2ffb7ef8e847509704a39597365c42
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 98 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=98
Attribute 79 (EAP-Message) length=42
Value: 010900281900170303001d0fd68d4b19060659efce50b81e6f589269ba672a4876967bc2cc031e48
Attribute 80 (Message-Authenticator) length=18
Value: 5cd6e529c9a3f4e648136b3cffdcf0ee
Attribute 24 (State) length=18
Value: 36756a573e7c73b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=9 len=40) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=40) - Flags 0x00
EAP-PEAP: received 34 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1d
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 09 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=9 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=8):
74 65 73 74 75 73 65 72 testuser
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=13): 02 09 00 0d 01 74 65 73 74 75 73 65 72
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 21
SSL: 38 bytes left to be sent out (of total 38 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xbbc1e0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=44)
TX EAP -> RADIUS - hexdump(len=44): 02 09 00 2c 19 00 17 03 03 00 21 19 fe 57 76 46 ec 88 6e 17 8a 86 ab 56 c8 02 72 68 62 f4 2d 3e ed 48 ce f0 14 66 61 23 01 6c 66 a1
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=185
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=46
Value: 0209002c1900170303002119fe577646ec886e178a86ab56c802726862f42d3eed48cef014666123016c66a1
Attribute 24 (State) length=18
Value: 36756a573e7c73b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 4fdc53edc321413300258f431a199ba8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 126 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=126
Attribute 79 (EAP-Message) length=70
Value: 010a0044190017030300390fd68d4b1906065ab24ef08aa8e0b642cdd10c3e67fea48ce78279c7a6cf8f31bf79bbd909194febe6ecf216210e3528c88b69774f509fca15
Attribute 80 (Message-Authenticator) length=18
Value: cbca457fd5f47a8527b8e2c3b75149e2
Attribute 24 (State) length=18
Value: 36756a573f7f73b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=10 len=68) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=68) - Flags 0x00
EAP-PEAP: received 62 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 39
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=33): 1a 01 0a 00 20 10 51 16 59 24 f3 f1 d8 64 6c 53 ec 44 fd 21 d4 51 77 6c 61 6e 2e 74 68 6d 2e 64 65
EAP-PEAP: received Phase 2: code=1 identifier=10 length=37
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 10 mschapv2_id 10
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=11):
77 6c 61 6e 2e 74 68 6d 2e 64 65 wlan.thm.de
EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): 80 66 d2 39 cb f3 82 bc 7c c1 a0 ce 07 d4 c1 ea
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): d2 a1 b4 33 74 76 6f 6f a4 00 fb 42 5a e2 31 64
MSCHAPV2: Identity - hexdump_ascii(len=8):
74 65 73 74 75 73 65 72 testuser
MSCHAPV2: Username - hexdump_ascii(len=8):
74 65 73 74 75 73 65 72 testuser
MSCHAPV2: auth_challenge - hexdump(len=16): 51 16 59 24 f3 f1 d8 64 6c 53 ec 44 fd 21 d4 51
MSCHAPV2: peer_challenge - hexdump(len=16): d2 a1 b4 33 74 76 6f 6f a4 00 fb 42 5a e2 31 64
MSCHAPV2: username - hexdump_ascii(len=8):
74 65 73 74 75 73 65 72 testuser
MSCHAPV2: password - hexdump_ascii(len=8):
74 65 73 74 70 61 73 73 testpass
MSCHAPV2: NT Response - hexdump(len=24): 9c 85 9d b0 ac 51 21 69 3e e4 26 6a 86 30 14 93 3e 2d 5c 6f f3 3d c0 66
MSCHAPV2: Auth Response - hexdump(len=20): a4 91 ce e7 fe 7e 14 29 04 fc ed 55 8e 80 bf ca bd a4 45 39
MSCHAPV2: Master Key - hexdump(len=16): 34 9e d9 76 5f d8 54 c9 db dd f0 42 70 25 65 9e
EAP-MSCHAPV2: TX identifier 10 mschapv2_id 10 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=67): 02 0a 00 43 1a 02 0a 00 3e 31 d2 a1 b4 33 74 76 6f 6f a4 00 fb 42 5a e2 31 64 00 00 00 00 00 00 00 00 9c 85 9d b0 ac 51 21 69 3e e4 26 6a 86 30 14 93 3e 2d 5c 6f f3 3d c0 66 00 74 65 73 74 75 73 65 72
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 57
SSL: 92 bytes left to be sent out (of total 92 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb9a320
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=98)
TX EAP -> RADIUS - hexdump(len=98): 02 0a 00 62 19 00 17 03 03 00 57 19 fe 57 76 46 ec 88 6f 5d e8 98 20 78 af c4 f8 1d 9a 62 eb 93 85 b6 8d 12 58 89 5e c3 16 ea 62 2b d8 f0 2d 07 2f a9 dc 0b 35 09 e4 8f 94 46 e6 df fa 05 94 3f 08 6a 91 6a 72 e7 46 89 8b 2e b7 53 c5 6c 88 38 ab e3 07 2f 5b 20 8f df dc 9d 82 2b ad 17 7f 4e 0d 85
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=239
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=100
Value: 020a00621900170303005719fe577646ec886f5de8982078afc4f81d9a62eb9385b68d1258895ec316ea622bd8f02d072fa9dc0b3509e48f9446e6dffa05943f086a916a72e746898b2eb753c56c8838abe3072f5b208fdfdc9d822bad177f4e0d85
Attribute 24 (State) length=18
Value: 36756a573f7f73b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 51698431a58233a21603d371accfc29c
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 104 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=104
Attribute 79 (EAP-Message) length=48
Value: 010b002e190017030300230fd68d4b1906065bf6150cc50cb7e3316bb7899d11646bda79301f008e0761da18da28
Attribute 80 (Message-Authenticator) length=18
Value: 5f0fdb518d263574a1bd237b0b7d4dbd
Attribute 24 (State) length=18
Value: 36756a573c7e73b885da367fcf611ff7
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=11 len=46) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=11 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=46) - Flags 0x00
EAP-PEAP: received 40 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0b 00 0b 21 80 03 00 02 00 02
EAP-PEAP: received Phase 2: code=1 identifier=11 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 02
EAP-TLV: Result TLV - hexdump(len=2): 00 02
EAP-TLV: TLV Result - Failure
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0b 00 0b 21 80 03 00 02 00 02
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
SSL: 40 bytes left to be sent out (of total 40 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0xbad750
EAP: Session-Id - hexdump(len=65): 19 c9 a1 36 41 46 e1 cd 1c 91 0a 57 7e 84 56 88 99 0b 26 9b 0d 1a 3c 46 f9 db 4f 82 d7 d7 b2 c6 b7 71 14 3b 0c e8 2e 9b d4 0c 34 9d a3 1b 31 b4 1e 48 0c 6d 94 df 5d 2f 5e 62 74 60 ab 64 62 09 c1
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=46)
TX EAP -> RADIUS - hexdump(len=46): 02 0b 00 2e 19 00 17 03 03 00 23 19 fe 57 76 46 ec 88 70 5e 2d 4c b4 5c 9a 1c 24 8f 95 ff 44 32 24 eb cb 90 08 41 0c c1 4c 91 6d c7 a5 63
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=187
Attribute 1 (User-Name) length=16
Value: 'eduroam at thm.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=48
Value: 020b002e1900170303002319fe577646ec88705e2d4cb45c9a1c248f95ff443224ebcb9008410cc14c916dc7a563
Attribute 24 (State) length=18
Value: 36756a573c7e73b885da367fcf611ff7
Attribute 80 (Message-Authenticator) length=18
Value: 286b3652ec3c2bf0ecc6d58459e3a3a7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=11 length=44
Attribute 79 (EAP-Message) length=6
Value: 040b0004
Attribute 80 (Message-Authenticator) length=18
Value: 45346fb223da72dd6fabe28fcd6a6fd5
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=11 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200723/9c2c3e57/attachment-0001.bin>
More information about the Freeradius-Users
mailing list