In the "conf=" argument to dpp_auth_init, both role and key management are specified, eg. "conf=sta-dpp" or "conf=ap-dpp". The parsing and population of the dpp_configuration structure is identical for "conf=sta-" and "conf=ap-", the only difference is that only one of two dpp_configuration structures is populated: conf_sta or conf_ap. When a configuration request is received from the enrollee, the requested role is examined and the configuration selected for constructing the response is either conf_sta or conf_ap. One of those two will be null. If the requested role matches the role specifed in dpp_auth_init, the operation succeeds, otherwise it fails with "No configuration available for Enrollee". It seems that dpp_auth_init should only need "conf=dpp", "conf=psk", etc, and a single configuration should be created to support both ap and sta (enrollee) roles. As it is, the configurator must know in advance the role of the enrollee at the time it receives its bootstrap information. It seems more intuitive to just have the configurator determine this from the role specified in the configuration request. References: dpp_hostapd.c - hostapd_dpp_set_configurator() dpp_supplicant.c - wpas_dpp_set_configurator() dpp.c - dpp_build_conf_obj() - dpp_conf_req_rx() _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
