From: Hu Wang <huw@qti.qualcomm.com>
Date: Wed, 13 Aug 2025 02:54:49 +0000 (-0700)
Subject: Ignore BSS temporary on PSK mismatch
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce011453ee759faf4e478843fc588d888faa7133;p=thirdparty%2Fhostap.git

Ignore BSS temporary on PSK mismatch

In a controlled test environment, using two APs with the same SSID but
different passwords, connection to the correct AP (AP#2) failed. This
was particularly evident when AP#2 utilized a WPA/WPA2 TKIP+AES
configuration (CCMP pairwise, TKIP group cipher), highlighting challenges
in correctly discerning PSK mismatches across varied security types.

To resolve this, the ignore the BSS resulting in a PSK mismatch
temporarily. This forces wpa_supplicant to consider and attempt
connection to other available BSSs for the same ESS, allowing it to
eventually reach the correct access point accepting the locally
configured parameters.

This enhances connection reliability in dense or complex Wi-Fi
environments where multiple APs share an SSID but have varying security
credentials.

Signed-off-by: Hu Wang <huw@qti.qualcomm.com>
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 37241b9f2..0e48a31a2 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -4727,6 +4727,10 @@ static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
 			"pre-shared key may be incorrect");
 		if (wpas_p2p_4way_hs_failed(wpa_s) > 0)
 			return; /* P2P group removed */
+		bssid = wpa_s->bssid;
+		if (is_zero_ether_addr(bssid))
+			bssid = wpa_s->pending_bssid;
+		wpa_bssid_ignore_add(wpa_s, bssid);
 		wpas_auth_failed(wpa_s, "WRONG_KEY", wpa_s->pending_bssid);
 		wpas_notify_psk_mismatch(wpa_s);
 	}