It looks like some Windows NDIS drivers (e.g., Intel) do not clear the
PMKID list even when wpa_supplicant explicitly sets the list to be
empty. In such a case, the driver ends up trying to use PMKSA caching
with the AP and wpa_supplicant may not have the PMK that would be needed
to complete 4-way handshake.
RSN processing already had some code for aborting PMKSA caching by
sending EAPOL-Start. However, this was not triggered in this particular
case where the driver generates the RSN IE. With this change, this case
is included, too, and the failed PMKSA caching attempt is cleanly
canceled and wpa_supplicant can fall back to full EAP authentication.
"caching attempt");
sm->cur_pmksa = NULL;
abort_cached = 1;
- } else {
+ } else if (!abort_cached) {
return -1;
}
}
with driver_nl80211.c (the old code from driver_wext.c was removed)
* added support (Linux only) for RoboSwitch chipsets (often found in
consumer grade routers); driver interface 'roboswitch'
+ * fixed canceling of PMKSA caching when using drivers that generate
+ RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know
+ about
2008-11-01 - v0.6.5
* added support for SHA-256 as X.509 certificate digest when using the
projects / thirdparty / hostap.git / commitdiff
