From: Jouni Malinen <j@w1.fi>
Date: Sun, 19 Aug 2012 09:53:45 +0000 (+0300)
Subject: HS 2.0: Do not allow AP hs20=1 configuration without RSN
X-Git-Tag: hostap_2_0~383
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99be648c5d5ab786900f016848c88a602f5ae737;p=thirdparty%2Fhostap.git

HS 2.0: Do not allow AP hs20=1 configuration without RSN

Hotspot 2.0 networks are required to use WPA2-Enterprise/CCMP, so
enforce this while validating hostapd configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
---

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index a45fd2907..c3c2f73da 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1226,6 +1226,17 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
 	}
 #endif /* CONFIG_WPS2 */
 
+#ifdef CONFIG_HS20
+	if (bss->hs20 &&
+	    (!(bss->wpa & 2) ||
+	     !(bss->rsn_pairwise & WPA_CIPHER_CCMP))) {
+		wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
+			   "configuration is required for Hotspot 2.0 "
+			   "functionality");
+		return -1;
+	}
+#endif /* CONFIG_HS20 */
+
 	return 0;
 }