RSN-IE mismatch and WPA2 preauth

Jouni Malinen jkmaline
Mon Jan 31 20:00:20 PST 2005

On Wed, Jan 26, 2005 at 10:32:30AM -0500, Zimmermann, Christopher Brian (Chris) wrote:

> I am doing something very similar to that.  I keep a local copy of the
> scan results I report via .get_scan_results function.  When I report
> EVENT_ASSOCINFO, and before I report EVENT_ASSOC...I actually change the
> wpa_s->ap_rsn_ie field.

I looked into some more details of this and wpa_supplicant did not seem
to check WPA/RSN IE in message 3/4 at all when ap_scan=2 (i.e., no
scanning) was used. Actually, this made the Windows version able to roam
to another AP with different RSN IE after pre-auth.. Of course, this was
not exactly correct, since the IE verification was just bypassed

The current CVS version has a fix for this. A copy of the last scan
results are kept locally and if the cached results do not include the
new AP, scan results are required again when message 3/4 is processed.
This seemed to work with driver_ndis.c. Alternatively, drivers can also
report the Beacon/ProbeResp IEs as part of EVENT_ASSOCINFO if the needed
data is available at that point.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list