ccollins476ad opened a new pull request #726: host: Don't allow unauth pairing if MITM protection required URL: https://github.com/apache/mynewt-nimble/pull/726 I think this PR identifies a real bug, but I am not sure if the fix conforms to the letter of the Bluetooth spec. Hopefully someone more knowledgeable can take a look. Before this PR, the following scenario was possible: 1. We send pair request with mitm=1 2. Peer ignores our mitm flag and sends a pair response attempting just works. 3. We accept the pair response and proceed with just works pairing. This commit changes step 3 such that we abort the pairing procedure if either side has mitm=1 but the pairing algorithm is unauthenticated.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
