[PATCH] dpp: Fix association with hidden SSID via directed probing

[Gustavo Bertoli]

When a station receives a DPP Configuration Object and the AP's
SSID is hidden (ignore_broadcast_ssid=1), the auto-provisioned
network never associates. The DPP handshake completes successfully
and the Config Object is accepted, but wpa_supplicant subsequently
triggers a passive scan. Because the AP does not respond to wildcard
Probe Requests, no matching network is found and the session sits
silently disconnected.

Log shows the handshake succeeding without any subsequent SME
authentication attempts:

wlan1: DPP-CONF-RECEIVED
wlan1: DPP-CONFOBJ-AKM sae
wlan1: DPP-CONFOBJ-SSID DPP
wlan1: DPP-NETWORK-ID 0
wlan1: DPP-TX dst=... type=11

wpas_dpp_add_network() leaves ssid->scan_ssid=0. The DPP enrollee
receives the SSID through an authenticated channel (the DPP Config
Object) and already knows the exact target SSID.

Set scan_ssid=1 for the network block created by
wpas_dpp_add_network(). This ensures directed probing is used,
allowing the DPP enrollee to successfully discover and associate
with a hidden network while remaining functional for broadcast SSIDs.

Signed-off-by: Gustavo Bertoli <gubertoli at gmail.com>
---
 wpa_supplicant/dpp_supplicant.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index a55d0e7ab..3ae40ad64 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1445,6 +1445,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 		goto fail;
 	os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
 	ssid->ssid_len = conf->ssid_len;
+	ssid->scan_ssid = 1;
 
 #ifdef CONFIG_DPP3
 	if (conf->akm == DPP_AKM_SAE && conf->password_id[0]) {
-- 
2.43.0