Allow incompatible SAE H2E conf if there is a non-SAE alternative

Currently, if a configuration forces SAE H2E and SAE is among the key
management authorized, wpa_supplicant will skip a network that does not
support SAE H2E, even if that network does not support SAE or has
alternatives AKMs that could work with the configuration.

Skip a network only if a configuration requires a SAE key management.

Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index da10414dd58c89056fbb64f9a6840b577b5b0fb0..e74099eecf2426e6c5eeafb4408a11bbf4ab183d 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1438,7 +1438,7 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
        if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
             is_6ghz_freq(bss->freq) || ssid->sae_password_id) &&
            sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
-           wpa_key_mgmt_sae(ssid->key_mgmt) &&
+           wpa_key_mgmt_only_sae(ssid->key_mgmt) &&
            !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
                if (debug_print)
                        wpa_dbg(wpa_s, MSG_DEBUG,