From cc2d03601b70667b23928882e2b4bae336de2b7c Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 9 Jun 2020 00:55:13 +0300 Subject: [PATCH] HS 2.0: Use global pmf=2 for the created network block Previously, PMF support was enabled in optional mode (ieee80211w=1) for Hotspot 2.0 network blocks automatically. This did not consider the global PMF parameter and unconditionally changed that value to optional. Since the newly added network block had an explicit ieee80211w parameter, this overrode the global parameter. To make this less surprising, use the global pmf parameter value to select whether to add network blocks for Hotspot 2.0 with PMF being optionally enabled (pmf=0 or pmf=1) or required (pmf=2). Signed-off-by: Jouni Malinen --- wpa_supplicant/interworking.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index a380123b3..b1ddd0925 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -959,7 +959,9 @@ static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s, "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP"; if (wpa_config_set(ssid, "key_mgmt", key_mgmt, 0) < 0 || wpa_config_set(ssid, "proto", "RSN", 0) < 0 || - wpa_config_set(ssid, "ieee80211w", "1", 0) < 0 || + wpa_config_set(ssid, "ieee80211w", + wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_REQUIRED ? + "2" : "1", 0) < 0 || wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0) return -1; return 0;