FT: Disable PMKSA caching with FT

PMKSA caching with FT is not fully functional, so disable the case for
now, so that wpa_supplicant does not end up trying to connect with a
PMKSA cache entry from another AKM. FT-EAP was already modified long
time ago to not add PMKSA cache entries itself.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-05-21 22:18:50 +03:00 committed by Jouni Malinen
parent 91db940ff0
commit 833bb2ab15

View file

@ -1389,6 +1389,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) { } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X"); wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
if (pmksa_cache_get_current(wpa_s->wpa)) {
/* PMKSA caching with FT is not fully functional, so
* disable the case for now. */
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: Disable PMKSA caching for FT/802.1X connection");
pmksa_cache_clear_current(wpa_s->wpa);
}
} else if (sel & WPA_KEY_MGMT_FT_PSK) { } else if (sel & WPA_KEY_MGMT_FT_PSK) {
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK; wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK"); wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");