[PATCH] AP: guard FT-SAE code with CONFIG_IEEE80211R_AP

Jouni Malinen j at w1.fi
Wed Apr 6 13:21:19 PDT 2022


On Mon, Apr 04, 2022 at 09:13:12AM +0200, Beniamino Galvani wrote:
> wpa_supplicant doesn't support FT in AP mode, but it still negotiates
> FT-SAE. This can lead to an authentication failure when the AP is
> started with key_mgmt="SAE FT-SAE" and the STA supports both.
> 
> Ensure that FT-SAE is not negotiated when CONFIG_IEEE80211R_AP is not
> defined.

This sounds like hiding the problem with invalid configuration instead
of addressing that more explicitly. Wouldn't it be better to refuse to
start the AP mode operation if it is configured with an unsupported
key_mgmt value? I'm not keen on having the configuration indicate
something is enabled when it is actually not in practice.

-- 
Jouni Malinen                                            PGP id EFC895FA
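
The start-up check proposed in the reply above, as an added example that is not part of the thread and is not hostap or wpa_supplicant code. Every function and macro name except CONFIG_IEEE80211R_AP is hypothetical, and the parser knows only the two AKM names mentioned in the thread.

```c
/* Added example: hypothetical names, not hostap/wpa_supplicant source. */
#include <stdio.h>
#include <string.h>
#define KM_SAE     0x1u
#define KM_FT_SAE  0x2u
#define KM_INVALID 0x80000000u /* empty value or unknown token */

/* AKMs this build can serve in AP mode (assumed build-flag mapping). */
#ifdef CONFIG_IEEE80211R_AP
#define AP_SUPPORTED_KM (KM_SAE | KM_FT_SAE)
#else
#define AP_SUPPORTED_KM KM_SAE
#endif

/* Parse a space-separated key_mgmt value such as "SAE FT-SAE". */
unsigned int parse_key_mgmt(const char *value)
{
	unsigned int km = 0;
	const char *p = value + strspn(value, " ");
	while (*p) {
		size_t len = strcspn(p, " ");
		if (len == 3 && strncmp(p, "SAE", 3) == 0)
			km |= KM_SAE;
		else if (len == 6 && strncmp(p, "FT-SAE", 6) == 0)
			km |= KM_FT_SAE;
		else
			return KM_INVALID;
		p += len + strspn(p + len, " ");
	}
	return km ? km : KM_INVALID;
}

/* Return 0 if the AP may start, -1 to refuse. Unsupported AKMs are not
 * masked out, so a running AP always matches what its config says. */
int ap_check_key_mgmt(const char *value, unsigned int supported)
{
	unsigned int km = parse_key_mgmt(value);
	if (km == KM_INVALID || (km & ~supported)) {
		fprintf(stderr, "AP: key_mgmt=\"%s\" not usable in this build, "
			"refusing to start\n", value);
		return -1;
	}
	return 0;
}

int main(void)
{
	/* Constructed input: the key_mgmt value quoted in the report. */
	return ap_check_key_mgmt("SAE FT-SAE", AP_SUPPORTED_KM) ? 1 : 0;
}
```

Built without `-DCONFIG_IEEE80211R_AP` the program exits non-zero for this input; built with it, the same configuration is accepted.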


