Desde que atualizei para o Debian 10, não consigo me conectar ao eduroam . Acontece que meu empregador decidiu usar EAP-TLScom certificados de clientes assinados usando a MD5função hash.
Pelo que posso encontrar na web, os MD5certificados assinados estão desabilitados no OpenSSL versão 1.1 e os logs wpa_supplicant parecem confirmar isso:
wpa_supplicant[718]: EAP: EAP entering state RECEIVED
wpa_supplicant[718]: EAP: Received EAP-Request id=3 method=13 vendor=0 vendorMethod=0
wpa_supplicant[718]: EAP: EAP entering state GET_METHOD
wpa_supplicant[718]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
wpa_supplicant[718]: EAP: Status notification: accept proposed method (param=TLS)
wpa_supplicant[718]: EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
wpa_supplicant[718]: TLS: using phase1 config options
wpa_supplicant[718]: TLS: Trusted root certificate(s) loaded
wpa_supplicant[718]: OpenSSL: tls_connection_client_cert - SSL_use_certificate_file failed error:140C618E:SSL routines:SSL_use_certificate:ca md too weak
wpa_supplicant[718]: TLS: Failed to set TLS connection parameters
wpa_supplicant[718]: ENGINE: engine deinit
wpa_supplicant[718]: EAP-TLS: Failed to initialize SSL.
wpa_supplicant[718]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
Existe uma maneira no OpenSSL 1.1 para habilitar MD5, de preferência apenas para wpa_supplicant ?