diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index 2af04bbd55..bb6cb6c44a 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -883,9 +883,6 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * g_string_append(key_mgmt_conf, " ft-sae"); } else if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) { pmf = NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED; - if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error) - || !nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error)) - return FALSE; } if (!add_string_val(self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) @@ -968,7 +965,7 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * } /* Only WPA-specific things when using WPA */ - if (NM_IN_STRSET(key_mgmt, "wpa-psk", "wpa-eap", "sae", "owe")) { + if (NM_IN_STRSET(key_mgmt, "owe", "wpa-psk", "sae", "wpa-eap", "wpa-eap-suite-b-192")) { if (!ADD_STRING_LIST_VAL(self, setting, wireless_security, @@ -980,28 +977,36 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * NULL, error)) return FALSE; - if (!ADD_STRING_LIST_VAL(self, - setting, - wireless_security, - pairwise, - pairwise, - "pairwise", - ' ', - TRUE, - NULL, - error)) - return FALSE; - if (!ADD_STRING_LIST_VAL(self, - setting, - wireless_security, - group, - groups, - "group", - ' ', - TRUE, - NULL, - error)) - return FALSE; + + if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) { + if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error)) + return FALSE; + if (!nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error)) + return FALSE; + } else { + if (!ADD_STRING_LIST_VAL(self, + setting, + wireless_security, + pairwise, + pairwise, + "pairwise", + ' ', + TRUE, + NULL, + error)) + return FALSE; + if (!ADD_STRING_LIST_VAL(self, + setting, + wireless_security, + group, + groups, + "group", + ' ', + TRUE, + NULL, + error)) + return FALSE; + } /* We set the supplicants global "pmf" config value to "1" (optional), * so no need to set it network-specific again if PMF_OPTIONAL is set. diff --git a/src/core/supplicant/tests/test-supplicant-config.c b/src/core/supplicant/tests/test-supplicant-config.c index 2c2d9478e2..3525f99962 100644 --- a/src/core/supplicant/tests/test-supplicant-config.c +++ b/src/core/supplicant/tests/test-supplicant-config.c @@ -815,9 +815,10 @@ test_wifi_eap_suite_b_generation(void) NMTST_EXPECT_NM_INFO("Config: added 'scan_ssid' value '1'*"); NMTST_EXPECT_NM_INFO("Config: added 'bssid' value '11:22:33:44:55:66'*"); NMTST_EXPECT_NM_INFO("Config: added 'freq_list' value *"); + NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'"); NMTST_EXPECT_NM_INFO("Config: added 'pairwise' value 'GCMP-256'"); NMTST_EXPECT_NM_INFO("Config: added 'group' value 'GCMP-256'"); - NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'"); + NMTST_EXPECT_NM_INFO("Config: added 'ieee80211w' value '2'"); NMTST_EXPECT_NM_INFO("Config: added 'eap' value 'TLS'"); NMTST_EXPECT_NM_INFO("Config: added 'fragment_size' value '1086'"); NMTST_EXPECT_NM_INFO("Config: added 'ca_cert' value '*/test-ca-cert.pem'");