[PATCH] Ignore RSNX IE if the scan result does not contain one.
Jouni Malinen
j at w1.fi
Sat Dec 13 08:42:31 PST 2025
On Sat, Jul 19, 2025 at 11:49:33PM +0300, Stefan Dösinger wrote:
> This fixes a regression introduced in wpa_supplicant 2.10 that prevents
> ipw2x00 cards from connecting to mixed WPA2/3 networks.
>
> The driver does not handle WLAN_EID_RSNX elements (see libipw_rx.c,
> libipw_parse_info_param), but my WPA2/3 mixed mode AP operated by
> hostapd on OpenWRT sends it in EAPOL, which is handled by wpa_supplicant
> without driver involvement.
This would open security vulnerabilities and as such, is not really
acceptable in this form. This should be fixed in the driver. If a driver
that does not support RSNXE at all cannot be fixed but is still in wide
use, this type of workaround could be justified if a driver capability
indication were added to explicitly note that the driver has this type
of condition. Without such constraint, I don't think wpa_supplicant
should skip this type of a mandatory security validation item.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list