A kind reminder to review this patch... regards, Badrish On Fri, Jan 6, 2017 at 5:47 PM, Badrish Adiga H R <badrish.adigahr@xxxxxxxxx> wrote: > From: Badrish Adiga H R <badrish.adigahr@xxxxxxxxx> > > API ieee802_1x_mka_decode_dist_sak_body wrongly puts > participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of > length 0 is received; In MACsec PSK mode, this stale incorrect value can > create problems, while re-establishing CA. In MACsec PSK mode, CA goes > down if interface goes down and ideally we should be able to re-establish > the CA once interface comes up. > > Signed-off-by: Badrish Adiga H R <badrish.adigahr@xxxxxxxxx> > --- > src/pae/ieee802_1x_kay.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c > index 1004b32..79a6878 100644 > --- a/src/pae/ieee802_1x_kay.c > +++ b/src/pae/ieee802_1x_kay.c > @@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body( > ieee802_1x_cp_connect_authenticated(kay->cp); > ieee802_1x_cp_sm_step(kay->cp); > wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec"); > - participant->to_use_sak = TRUE; > + participant->to_use_sak = FALSE; > return 0; > } > > -- > 2.6.1.133.gf5b6079 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
