From 299fbc0888511a6359f9d2acddbcc850f6eb3460 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 9 Oct 2019 11:55:27 +0200 Subject: [PATCH] supplicant: allow PMF with SAE PMF can be used with SAE, allow it. Actually, it is required according to WPA3 specifications but there are implementations that don't require it (hostapd can be configured in a such way); so let's not make it mandatory for WPA3. Fixes: 6640fb4b3615 ('supplicant: add support for SAE key management') https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/257 (cherry picked from commit e36c297fd8c6b1b57cd120739cc5ee8eab57aa08) --- src/supplicant/nm-supplicant-config.c | 4 ++-- src/supplicant/tests/test-supplicant-config.c | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index f6e3c7da53..a5a68070e6 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -881,8 +881,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, } } - /* Don't try to enable PMF on non-WPA networks */ - if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk")) + /* Don't try to enable PMF on non-WPA/SAE networks */ + if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae")) pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE; /* Check if we actually support PMF */ diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 819256fb7d..ea9bac1e7c 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -430,7 +430,6 @@ test_wifi_sae_psk (const char *psk) NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'RSN'"); NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'"); NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'"); - NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '0'"); config_dict = build_supplicant_config (connection, 1500, 0, TRUE, TRUE); g_test_assert_expected_messages ();