From: Pablo MARTIN-GOMEZ <pmartin-gomez@freebox.fr>
Date: Fri, 19 Dec 2025 18:24:35 +0000 (+0100)
Subject: Allow incompatible SAE H2E conf if there is a non-SAE alternative
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26fd0bbb5bdde80a0fe9c9f1082f66ef0bcb5cff;p=thirdparty%2Fhostap.git

Allow incompatible SAE H2E conf if there is a non-SAE alternative

Currently, if a configuration forces SAE H2E and SAE is among the key
management authorized, wpa_supplicant will skip a network that does not
support SAE H2E, even if that network does not support SAE or has
alternatives AKMs that could work with the configuration.

Skip a network only if a configuration requires a SAE key management.

Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr>
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index da10414dd..e74099eec 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1438,7 +1438,7 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
 	if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
 	     is_6ghz_freq(bss->freq) || ssid->sae_password_id) &&
 	    sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
-	    wpa_key_mgmt_sae(ssid->key_mgmt) &&
+	    wpa_key_mgmt_only_sae(ssid->key_mgmt) &&
 	    !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
 		if (debug_print)
 			wpa_dbg(wpa_s, MSG_DEBUG,