由于我升级到 Debian 10,我无法连接到eduroam。事实证明,我的雇主决定使用使用散列函数EAP-TLS签名的客户端证书。MD5
从我在网上可以找到的内容来看,MD5签名证书在 OpenSSL 1.1 版中被禁用,并且wpa_supplicant日志似乎证实了这一点:
wpa_supplicant[718]: EAP: EAP entering state RECEIVED
wpa_supplicant[718]: EAP: Received EAP-Request id=3 method=13 vendor=0 vendorMethod=0
wpa_supplicant[718]: EAP: EAP entering state GET_METHOD
wpa_supplicant[718]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
wpa_supplicant[718]: EAP: Status notification: accept proposed method (param=TLS)
wpa_supplicant[718]: EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
wpa_supplicant[718]: TLS: using phase1 config options
wpa_supplicant[718]: TLS: Trusted root certificate(s) loaded
wpa_supplicant[718]: OpenSSL: tls_connection_client_cert - SSL_use_certificate_file failed error:140C618E:SSL routines:SSL_use_certificate:ca md too weak
wpa_supplicant[718]: TLS: Failed to set TLS connection parameters
wpa_supplicant[718]: ENGINE: engine deinit
wpa_supplicant[718]: EAP-TLS: Failed to initialize SSL.
wpa_supplicant[718]: wlp4s0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
OpenSSL 1.1 中有没有办法启用MD5,最好只用于wpa_supplicant?