From: Benjamin Berg <benjamin.berg@intel.com>
Date: Thu, 18 Dec 2025 16:19:33 +0000 (+0100)
Subject: SME: Do not send RSNXE for WPA 1 connections
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f531b6d2092aebd7943801e26e9e1fd00f7f826b;p=thirdparty%2Fhostap.git

SME: Do not send RSNXE for WPA 1 connections

The element is not applicable to WPA 1 and it will not be included in
the KDE later on. However, hostapd checks that the KDE and the
association request match and deauthenticates the station if it sent the
RSNXE in the association request.

So omit sending it if the protocol is WPA_PROTO_WPA.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index a1a7b1710..a3ad07353 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -810,6 +810,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 	if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
 		wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
 				   wpa_s->sme.assoc_req_ie_len);
+		omit_rsnxe = 1;
 		if (wpa_ie) {
 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Storing WPA IE");
 
@@ -858,8 +859,8 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 		    wpa_sm_has_ft_keys(wpa_s->wpa, md)) {
 			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
 				"over-the-air");
-			omit_rsnxe = !wpa_bss_get_rsnxe(wpa_s, bss, ssid,
-							false);
+			omit_rsnxe |= !wpa_bss_get_rsnxe(wpa_s, bss, ssid,
+							 false);
 			params.auth_alg = WPA_AUTH_ALG_FT;
 			params.ie = wpa_s->sme.ft_ies;
 			params.ie_len = wpa_s->sme.ft_ies_len;