Bug 224941 - net-wireless/wpa_supplicant doesn't play well with gnutls (breaks PEAP MSCHAPV2 authentication)
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Bjarke Istrup Pedersen (RETIRED)
URL: http://trac.gnutls.org/cgi-bin/trac.c...
Reported: 2008-06-04 22:32 UTC by Priit Laes (IRC: plaes)
Modified: 2012-11-18 13:14 UTC (History)
Description Priit Laes (IRC: plaes) 2008-06-04 22:32:50 UTC
wpa-supplicant in portage includes a dependency on either openssl (USE="-gnutls") or gnutls, but there are some problems when it is compiled with gnutls (both 2.3.x and 2.2.x) as the crypto backend.

The problem lies in the Diffie-Hellman implementation: GnuTLS specifies the minimum length of the prime as 727 bits, and this breaks, for example, PEAP MSCHAPV2 authentication (while it works with openssl), as can be seen from the log:

1212559564.120091: EAPOL: Received EAP-Packet frame
1212559564.120097: EAPOL: SUPP_BE entering state REQUEST
1212559564.120103: EAPOL: getSuppRsp
1212559564.120108: EAP: EAP entering state RECEIVED
1212559564.120128: EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
1212559564.120135: EAP: EAP entering state METHOD
1212559564.120141: SSL: Received packet(len=992) - Flags 0x00
1212559564.120157: tls_pull_func - 2005 bytes remaining in pull_buf
1212559564.120169: tls_pull_func - 1931 bytes remaining in pull_buf
1212559564.120235: tls_pull_func - 1926 bytes remaining in pull_buf
1212559564.120248: tls_pull_func - 283 bytes remaining in pull_buf
1212559564.121329: tls_pull_func - 278 bytes remaining in pull_buf
1212559564.121338: tls_pull_func - 9 bytes remaining in pull_buf
1212559564.121418: tls_connection_handshake - gnutls_handshake failed -> The Diffie Hellman prime sent by the server is not acceptable (not long enough).
1212559564.121427: EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
1212559564.121505: EAP: EAP entering state SEND_RESPONSE
1212559564.121512: EAP: EAP entering state IDLE
Comment 1 Simon Josefsson 2008-08-13 12:39:23 UTC
The error is intentional because of the weak security that small DH params provide.

There is a function gnutls_dh_set_prime_bits that applications can call if they want to lower the built-in limit.  This should probably be changed into a feature-request bug for wpa-supplicant instead.
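The check behind the "not long enough" error in the reporter's log, and the effect of lowering the floor as comment 1 suggests, can be shown without GnuTLS. The following is an added example written for this page; it is not code from wpa_supplicant, GnuTLS or the bug. It parses the TLS ServerDHParams structure (the dh_p, dh_g, dh_Ys opaque vectors of RFC 5246 section 7.4.3, which carry the server's prime in ServerKeyExchange), computes the prime's bit length, and compares it against a configurable floor. The 727-bit default is the figure from the report; that the comparison is "bit length >= floor" is an assumption, and the 0xFF-filled prime and fixed Ys are constructed test filler, not real DH values. Lowering the floor to 512 makes the 512-bit prime pass, which is exactly the trade-off behind gnutls_dh_set_prime_bits: the handshake succeeds, but against a prime the default policy considers too weak.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Floor taken from the bug report (assumed to be enforced as bits >= floor). */
#define DEFAULT_MIN_DH_PRIME_BITS 727

/* Parsed TLS ServerDHParams (RFC 5246 section 7.4.3):
 *   opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>; */
struct dh_params {
    const uint8_t *p;  size_t p_len;
    const uint8_t *g;  size_t g_len;
    const uint8_t *ys; size_t ys_len;
};

/* Read one 2-byte-length-prefixed opaque vector. 0 on success, -1 if empty or truncated. */
static int read_vec(const uint8_t *buf, size_t len, size_t *off,
                    const uint8_t **out, size_t *out_len)
{
    if (*off + 2 > len) return -1;
    size_t n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (n == 0 || *off + n > len) return -1;
    *out = buf + *off;
    *out_len = n;
    *off += n;
    return 0;
}

int parse_server_dh_params(const uint8_t *buf, size_t len, struct dh_params *dh)
{
    size_t off = 0;
    if (read_vec(buf, len, &off, &dh->p, &dh->p_len)) return -1;
    if (read_vec(buf, len, &off, &dh->g, &dh->g_len)) return -1;
    if (read_vec(buf, len, &off, &dh->ys, &dh->ys_len)) return -1;
    return 0;
}

/* Bit length of a big-endian unsigned integer, ignoring leading zero bytes. */
size_t bignum_bits(const uint8_t *n, size_t len)
{
    size_t i = 0;
    while (i < len && n[i] == 0) i++;
    if (i == len) return 0;
    size_t bits = (len - i - 1) * 8;
    unsigned top = n[i];
    while (top) { bits++; top >>= 1; }
    return bits;
}

/* 1 = prime meets the floor, 0 = reject (the decision behind the "not long
 * enough" handshake failure in the log), -1 = malformed ServerDHParams. */
int dh_prime_acceptable(const uint8_t *buf, size_t len, size_t min_prime_bits)
{
    struct dh_params dh;
    if (parse_server_dh_params(buf, len, &dh)) return -1;
    return bignum_bits(dh.p, dh.p_len) >= min_prime_bits ? 1 : 0;
}

/* Constructed ServerDHParams with a p of p_bytes bytes (top byte 0xFF, so the
 * bit length is exactly 8*p_bytes), g = 2, and a filler Ys. Not a real prime. */
size_t make_server_dh_params(uint8_t *out, size_t cap, size_t p_bytes)
{
    size_t need = 2 + p_bytes + 2 + 1 + 2 + p_bytes;
    if (need > cap) return 0;
    size_t off = 0;
    out[off++] = (uint8_t)(p_bytes >> 8); out[off++] = (uint8_t)p_bytes;
    memset(out + off, 0xFF, p_bytes); off += p_bytes;   /* dh_p filler */
    out[off++] = 0; out[off++] = 1; out[off++] = 2;     /* dh_g = 2 */
    out[off++] = (uint8_t)(p_bytes >> 8); out[off++] = (uint8_t)p_bytes;
    memset(out + off, 0x01, p_bytes); off += p_bytes;   /* dh_Ys filler */
    return off;
}

/* Build a constructed message with a prime of p_bytes bytes and check it. */
int check_constructed(size_t p_bytes, size_t min_prime_bits)
{
    uint8_t buf[4096];
    size_t n = make_server_dh_params(buf, sizeof buf, p_bytes);
    return n ? dh_prime_acceptable(buf, n, min_prime_bits) : -1;
}

static const char *verdict(int r)
{
    return r == 1 ? "accept" : r == 0 ? "reject (prime not long enough)" : "malformed";
}

int main(void)
{
    printf("512-bit prime, floor %d:  %s\n", DEFAULT_MIN_DH_PRIME_BITS,
           verdict(check_constructed(64, DEFAULT_MIN_DH_PRIME_BITS)));
    printf("512-bit prime, floor 512:  %s\n", verdict(check_constructed(64, 512)));
    printf("1024-bit prime, floor %d: %s\n", DEFAULT_MIN_DH_PRIME_BITS,
           verdict(check_constructed(128, DEFAULT_MIN_DH_PRIME_BITS)));
    return 0;
}
```

The parser rejects empty or truncated vectors before any length arithmetic is done on them, which is the part of such a check that is easy to get wrong when the structure comes straight off the wire.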
Comment 2 Pacho Ramos gentoo-dev 2012-11-18 13:14:30 UTC
Still valid with 1.0-r2?