HS 2.0: Do not allow AP hs20=1 configuration without RSN

Hotspot 2.0 networks are required to use WPA2-Enterprise/CCMP, so
enforce this while validating hostapd configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index a45fd2907440a88f2bc217b221617b74b0b6029e..c3c2f73da57ea34463a2316b21075d8fce678ef5 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1226,6 +1226,17 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
        }
 #endif /* CONFIG_WPS2 */
 
+#ifdef CONFIG_HS20
+       if (bss->hs20 &&
+           (!(bss->wpa & 2) ||
+            !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) {
+               wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
+                          "configuration is required for Hotspot 2.0 "
+                          "functionality");
+               return -1;
+       }
+#endif /* CONFIG_HS20 */
+
        return 0;
 }