Bug#924705: Please enable PKCS8_PRIVATE_KEY_PARSER
Control: forcemerge 924705 941098
Control: block 941651 by 924705
Control: affects 924705 iwd
Hi,
This issue was discussed today on #debian-kernel and there was a request
to add more information about its usage. Quoting what Lev has already
written in plain text below (as his html mail is not displayed very
well by the bug tracking software).
On Fri, Nov 01, 2019 at 02:32:52PM +0300, Lev Abashkin wrote:
> This feature is used by iwd for enterprise network connections.
> I had to recompile kernel to be able to use iwd in my scenario.
> Ubuntu kernel has already turned it on.
The iwd (replacement/competitor to wpa_supplicant) relies on
lots of in-kernel functionality, instead of duplicating it in
userspace. That includes the kernel crypto.
The pkcs8 parser is needed for wpa2 enterprise network connections
and without it you simply can't connect to those kind of networks.
(Connecting to wpa2 personal still works however.)
If you need more detailed information on exactly how this works I'd
recommend you talk directly to iwd upstream. They can be reached
via irc in #iwd on FreeNode, mailinglist iwd at lists.01.org (moderated
for non-subscribers), etc.
I'm merging a duplicate with similar message. Also there's apparently
no auto-module-loading for this and no nice way to handle failures, so
iwd upstream decided to cope with this by always shipping a snippet
that tries to load the pkcs8 private key parser module in case it's
built as a module. That means currently users of iwd gets a warning
about failure to load the module on the default debian kernel (which I
think is reasonable to give them a hint that something is actually not
fully set up for all kind of wifi functionality on their system). This
bug was set as a blocker for the reported problem in iwd, although I
don't really see anything to do on the iwd side.
Regards,
Andreas Henriksson
Reply to: