[RADIATOR] iOS5 and untrusted/not verified EAP certificates

Alexander Hartmaier alexander.hartmaier at t-systems.at
Thu Feb 9 08:11:18 CST 2012


Hi Mike,

does IOS 5.1 finally support PEAP-TLS?

Best regards, Alex

Am 2012-02-09 14:08, schrieb Mike Puchol:
> Hi all,
>
> I'm testing EAP-PEAP with an iPad running iOS5.1, and even though I'm
> using an SSL certificate from Digicert, signed using SHA-1, and Digicert
> being on the list of trusted CAs by iOS (I even checked the serial
> number, which is good), I get the following on the iPad's debug console:
>
> Feb  9 14:02:08 Mikes-iPad kernel[0] <Debug>:
> AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK,
> index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
> Feb  9 14:02:08 Mikes-iPad eapolclient[149] <Notice>:
> peap_verify_server: server certificate not trusted, status 3 0
> Feb  9 14:02:08 Mikes-iPad Preferences[93] <Warning>:
> -[WiFiManager(Private) _enterpriseAssociationResult:withInfo:]: User
> Information required
> Feb  9 14:02:10 Mikes-iPad eapolclient[149] <Notice>:
> peap_verify_server: server certificate not trusted, status 3 0
> Feb  9 14:02:16 Mikes-iPad eapolclient[149] <Notice>:
> peap_verify_server: server certificate not trusted, status 3 0
>
> The iPad then shows up an "Add certificate" dialog, but with a big red
> button and the text "Not verified". My guess is that it's trying to
> check a CRL, but of course, being still offline, this cannot be done.
>
> Has anyone successfully connected an iOS5 device using EAP without "bad
> certificate" warnings? As clarification, I'm not using provisioning
> profiles, so the iPad doesn't "know" the network when it first connects
> to it.
>
> Cheers,
>
> Mike
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*


More information about the radiator mailing list