From: Badrish Adiga H R <badrish.adigahr@xxxxxxxxx> 1. API ieee802_1x_mka_decode_dist_sak_body wrongly puts participant->to_use_sak to TRUE, if invalid DIstributed SAK Parameter Set is received 2. when number of live peers become 0, the flags such lrx, ltx, orx, otx etc. needs to be cleared. In MACsec PSK mode, these stale values create problems, while re-establishing CA... Signed-off-by: Badrish Adiga H R <badrish.adigahr@xxxxxxxxx> --- src/pae/ieee802_1x_kay.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 1d6d9a9..e81ae0c 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body( ieee802_1x_cp_connect_authenticated(kay->cp); ieee802_1x_cp_sm_step(kay->cp); wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec"); - participant->to_use_sak = TRUE; + participant->to_use_sak = FALSE; return 0; } @@ -2377,6 +2377,12 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx) participant->advised_capability = MACSEC_CAP_NOT_IMPLEMENTED; participant->to_use_sak = FALSE; + participant->ltx = FALSE; + participant->lrx = FALSE; + participant->otx = FALSE; + participant->orx = FALSE; + participant->is_key_server = FALSE; + participant->is_elected = FALSE; kay->authenticated = TRUE; kay->secured = FALSE; kay->failed = FALSE; -- 2.6.1.133.gf5b6079 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap