]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 91db940)
FT: Disable PMKSA caching with FT
authorJouni Malinen <jouni@codeaurora.org>
Mon, 21 May 2018 19:18:50 +0000 (22:18 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 21 May 2018 19:18:50 +0000 (22:18 +0300)
PMKSA caching with FT is not fully functional, so disable the case for
now, so that wpa_supplicant does not end up trying to connect with a
PMKSA cache entry from another AKM. FT-EAP was already modified long
time ago to not add PMKSA cache entries itself.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant/wpa_supplicant.c patch | blob | blame | history

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index dcd787becbe82979bc365f63fc399427d550bed9..3de9198546cb7fdb8e4b157c16e8b85668806eaf 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1389,6 +1389,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
        } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
                wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
                wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
+               if (pmksa_cache_get_current(wpa_s->wpa)) {
+                       /* PMKSA caching with FT is not fully functional, so
+                        * disable the case for now. */
+                       wpa_dbg(wpa_s, MSG_DEBUG,
+                               "WPA: Disable PMKSA caching for FT/802.1X connection");
+                       pmksa_cache_clear_current(wpa_s->wpa);
+               }
        } else if (sel & WPA_KEY_MGMT_FT_PSK) {
                wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
                wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
Unnamed repository; edit this file 'description' to name the repository.