SAE: Do not ignore option sae_require_mfp
Without this patch sae_require_mfp is always activate, when ieee80211w
is set to optional all stations negotiating SAEs are being rejected when
they do not support PMF. With this patch hostapd only rejects these
stations in case sae_require_mfp is set to some value and not null.
Fixes ba3d435fe4 ("SAE: Add option to require MFP for SAE associations")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Hauke Mehrtens
Jouni Malinen
parent
dc1b1c8db7
commit
74eebe93d0
1 changed files with 1 additions and 0 deletions
|
|
@ -751,6 +751,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
|
||||
#ifdef CONFIG_SAE
|
||||
if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
|
||||
wpa_auth->conf.sae_require_mfp &&
|
||||
wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
|
||||
!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
|
|
|
|||
Loading…
Reference in a new issue