On Fri, Oct 27, 2023 at 03:34:32PM +0800, Jianling.Fu wrote: > If a failure occurs at sae "auth confirm" step, > the most probable cause is an error related to the key. Well, it depends.. I guess that might be the case when adding a new network for the first time and there having been no successful authentications before this. However, if there has been a successful authentication, I would be quite careful on how to interpret failures during SAE authentication since they could be caused by active attacks and should not result in something like dropping the password and asking using to enter a different one. > Correspondingly, in the case of handling SME in wpa_supplicant, > a similar way to internally trigger an association reject > event is used. We do this through calling sme_event_assoc_reject > to trigger upper layer processing with the WRONG_PASSWORD event. This feels really wrong. SAE authentication failing has nothing to do with the AP explicitly rejecting association. This could result in unexpected behavior and issues when sme_event_assoc_reject() might do something now, or in the future after some change, that is not appropriate for the authentication step. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
