[openssl-users] Android Wifi setup / CA certificate / always getting SSL fatal error

Jeffrey Walton noloader at gmail.com
Tue May 26 23:29:49 UTC 2015


On Tue, May 26, 2015 at 7:21 PM, Ben Humpert <ben at an3k.de> wrote:
> Hi everybody,
>
> I have my RADIUS server running and Windows as well as MacOS and iOS
> can successfully authenticate using EAP-PEAP, EAP-TTLS or EAP-TLS each
> with server certificate validation. However, Android 4.4.4 can not and
> I can't figure out why.
>
> ...
> Because of that I really have to ask what the funk is wrong with
> Android? From all the tests I did now it feels like Android is sending
> the certificates in the wrong order, so instead of sending the client
> cert first it sends the CA cert first and thus RADIUS / OpenSSL errors
> because it expected a client cert. Sadly I can't select the client
> cert as a CA certificate or vice-versa.
>
> Any help is much appreciated!
>
Maybe related.... The mother of all processes is Zygote. An Android
Activity is effectively forked from it (some hand waving).

Zygote loads a down-level version of OpenSSL. It used to be 0.9.8, but
it's an odd mix of 1.0.0 and 1.0.1 now. When your app attempts to load
its version of OpenSSL carried around in the JNI folder, it's not
loaded because Zygote already loaded a down-level version provided by
the platform.

So one of my first guesses would be a bug is present due to the way
AOSP supplies OpenSSL modulo the way Zygote works.

Jeff
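
One way to check which copy of libssl.so a process actually has mapped, the situation the message above describes. This is an added example, not part of the original post; the maps lines, the package name com.example.app and the helper names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/<pid>/maps lines (not captured from a device). */
static const char SAMPLE_MAPS[] =
    "40a1c000-40a5d000 r-xp 00000000 b3:09 1201  /system/lib/libssl.so\n"
    "40a70000-40b45000 r-xp 00000000 b3:09 1187  /system/lib/libcrypto.so\n"
    "751f2000-751f9000 r-xp 00000000 b3:1c 8123  /data/app-lib/com.example.app-1/libnative.so\n";

/* Copy the path of the first mapping whose file name equals `lib`.
 * Returns 1 if found, 0 otherwise (hypothetical helper). */
int find_mapped_lib(const char *maps, const char *lib, char *out, size_t outlen)
{
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *path = memchr(line, '/', len);   /* start of pathname column */
        if (path) {
            size_t plen = len - (size_t)(path - line);
            const char *base = path;
            for (size_t i = 0; i < plen; i++)        /* locate the file name */
                if (path[i] == '/') base = path + i + 1;
            size_t blen = plen - (size_t)(base - path);
            if (blen == strlen(lib) && memcmp(base, lib, blen) == 0 && plen < outlen) {
                memcpy(out, path, plen);
                out[plen] = '\0';
                return 1;
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return 0;
}

/* 1 if the mapped copy lives on the system partition, i.e. the platform's. */
int is_platform_copy(const char *path)
{
    return strncmp(path, "/system/", 8) == 0;
}

int main(void)
{
    char path[256];
    if (find_mapped_lib(SAMPLE_MAPS, "libssl.so", path, sizeof path))
        printf("libssl.so -> %s (%s)\n", path,
               is_platform_copy(path) ? "platform copy" : "app copy");
    return 0;
}
```

On a device, the same function can be fed the contents of /proc/self/maps read from inside the app's process instead of the constructed sample.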

