EAP-TLS Signature Check Failure

Peter Bance peter at peterbance.co.uk
Thu Jun 11 14:51:31 CEST 2020


On 2020-06-11 12:48, Alan DeKok wrote:
> On Jun 11, 2020, at 4:31 AM, Peter Bance via Freeradius-Users
> <freeradius-users at lists.freeradius.org> wrote:
>> I'm afraid I've been all around the Windows and certificate side, and 
>> I've circled back to FreeRADIUS :( I probably should have included the 
>> full session log before (sadly I didn't think to save a successful 
>> entry from iOS to compare it to, I'll try and get one when I next 
>> can). I've pasted below (I don't think I need to "redact" anything 
>> here other than the SSID and OUs, which identified the client).
>> 
>> One thing strikes me, and the reason I'm being a nuisance here again 
>> (!) - the signature validation is failing "RSA_verify_PKCS1_PSS_mgf1", 
>> but both the client and CA certificates are signed with 
>> "sha256WithRSAEncryption", and the session is TLS 1.2. However, the 
>> very first client request asks for TLS 1.3 (subsequently downgraded to 
>> 1.2).
> 
>   Well, if the TLS stuff is wrong, blame OpenSSL.  We rely on OpenSSL 
> for that.

No problem, I blame OpenSSL for a lot of things :-)

>> Could FreeRADIUS be "remembering" the initial 1.3, and thus trying an 
>> invalid signature validation on the certificate(s)?
> 
>   No.  The TLS negotiation is handled by OpenSSL, and FreeRADIUS knows
> very little about it.

OK - understood.

>   Further, EAP-TLS for TLS 1.3 isn't even standardized yet.  I've been
> in touch with the Microsoft engineer who's implementing it.  We should
> be doing Windows / FreeRADIUS interoperation in the next month or so.
> So when it is released, Windows will work.

Ah, excellent! I look forward to that, I'll see if I can find a way to 
force Windows clients to curb their enthusiasm and use 1.2 for now.

>> I've tried going through the source code, but I confess my C and TLS 
>> skills aren't up to it :-(
> 
>   I don't touch OpenSSL.  That code is a nightmare.
> 
>   Maybe it's an issue with OpenSSL?
> 
> https://github.com/openssl/openssl/issues/8443
> 
> https://bbs.archlinux.org/viewtopic.php?id=253846

Thanks - I did see those issues, and checked that the root causes are 
definitely not the same.

>   Are you using RedHat?

No way! :-)

Ubuntu.

> Maybe you're running into the issue of RedHat
> replacing OpenSSL with NSS.  It's not the same, and it doesn't work.
> You might have to drop the RH packages, and move to ours at
> http://packages.networkradius.com

Already using the networkradius.com repo.

Thanks again for your time looking at this. I'll head back to digging 
into Windows and see why it's misbehaving.

---
Peter Bance
Information Security Adviser
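The failing routine named in the thread, RSA_verify_PKCS1_PSS_mgf1, is OpenSSL's RSA-PSS verifier, so whatever signature it rejected was being checked as PSS, not as the PKCS#1 v1.5 scheme that "sha256WithRSAEncryption" denotes. Those two are independent: the algorithm a certificate is signed with is fixed in the certificate, while the scheme used for the handshake's CertificateVerify signature is negotiated per session through the signature_algorithms extension. TLS 1.3 requires RSA-PSS there, and OpenSSL 1.1.1 also offers the rsa_pss_rsae_* schemes in TLS 1.2, so a TLS 1.2 session can legitimately end up in the PSS verifier even though every certificate in the chain carries sha256WithRSAEncryption. The script below is an added example, not code from the thread or from FreeRADIUS; it assumes an openssl command-line tool of 1.1.1 or later, generates throwaway key material, and shows both that a certificate's recorded algorithm says nothing about a fresh signature's scheme and that a PKCS#1 v1.5 signature fails under PSS verification (and vice versa).

```shell
#!/bin/sh
# Added example (not from the thread or from FreeRADIUS): use the openssl CLI
# to show that a certificate's own signature algorithm (sha256WithRSAEncryption,
# i.e. PKCS#1 v1.5) does not determine which RSA scheme a fresh signature uses,
# and that a PKCS#1 v1.5 signature is rejected by RSA-PSS verification (the
# check OpenSSL performs in RSA_verify_PKCS1_PSS_mgf1).
# All key material is throwaway and generated on the fly.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/key.pem"; PUB="$WORK/pub.pem"; CERT="$WORK/cert.pem"; MSG="$WORK/msg.bin"

# Throwaway 2048-bit RSA key, a self-signed certificate with a SHA-256 /
# PKCS#1 v1.5 signature (the algorithm the thread's certificates use), and
# some constructed bytes standing in for the handshake transcript a client signs.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$KEY" 2>/dev/null
openssl pkey -in "$KEY" -pubout -out "$PUB" 2>/dev/null
openssl req -new -x509 -key "$KEY" -sha256 -days 1 \
    -subj "/CN=constructed-client" -out "$CERT" 2>/dev/null
printf 'constructed handshake transcript' > "$MSG"

# Signature algorithm recorded inside a certificate, as "openssl x509 -text"
# reports it for the thread's client and CA certificates.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | grep -m1 'Signature Algorithm' | awk '{print $3}'
}

# Sign $MSG with PKCS#1 v1.5 ($1 = output signature file).
sign_pkcs1() {
    openssl dgst -sha256 -sign "$KEY" -out "$1" "$MSG"
}

# Sign $MSG with RSA-PSS, salt length = digest length, which is what the TLS
# rsa_pss_rsae_sha256 scheme requires ($1 = output signature file).
sign_pss() {
    openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest \
        -sign "$KEY" -out "$1" "$MSG"
}

# Verify a signature file under PKCS#1 v1.5; exit status 0 only if it verifies.
verify_pkcs1() {
    openssl dgst -sha256 -verify "$PUB" -signature "$1" "$MSG" >/dev/null 2>&1
}

# Verify a signature file under RSA-PSS; exit status 0 only if it verifies.
verify_pss() {
    openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest \
        -verify "$PUB" -signature "$1" "$MSG" >/dev/null 2>&1
}

# "ok" if the verification command given as arguments succeeds, else "FAIL".
result() { if "$@"; then echo ok; else echo FAIL; fi; }

echo "certificate signature algorithm: $(cert_sig_alg "$CERT")"
sign_pkcs1 "$WORK/sig.pkcs1"
sign_pss   "$WORK/sig.pss"
echo "PKCS#1 v1.5 signature, verified as PKCS#1 v1.5: $(result verify_pkcs1 "$WORK/sig.pkcs1")"
echo "PKCS#1 v1.5 signature, verified as PSS:         $(result verify_pss   "$WORK/sig.pkcs1")"
echo "PSS signature,         verified as PSS:         $(result verify_pss   "$WORK/sig.pss")"
echo "PSS signature,         verified as PKCS#1 v1.5: $(result verify_pkcs1 "$WORK/sig.pss")"
```

Run it as a plain script; the certificate line reports sha256WithRSAEncryption throughout, while the cross-scheme verifications fail and only the matching ones succeed. When reading a FreeRADIUS debug log for a failure like the one in the thread, the useful question is therefore which scheme the two sides negotiated for CertificateVerify, not which algorithm signed the certificates. Server side, and not something the thread discusses, FreeRADIUS 3.0.x also exposes a tls_max_version setting in the eap module's tls-config block that caps the protocol version OpenSSL will negotiate, which is the counterpart to curbing the client's enthusiasm for 1.3.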
