Previouslly, the value of ieee80211w and key_mgmt field in wpa_supplicant.conf was defined by the value of pmf.
NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE ieee80211w=0 key_mgmt=wpa-eap NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ieee80211w=1 key_mgmt=wpa-eap wpa-eap-sha256 NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED ieee80211w=2 key_mgmt=wpa-eap-sha256 Though these works, these does not include whole combinations. The key_mgmt could be set independent of ieee80211w value. For example, management frame protection could be used with wpa-eap. ieee80211w=2 key_mgmt=wpa-eap And wpa-eap-sha256 could be used without management frame protection. ieee80211w=0 key_mgmt=wpa-eap-sha256 So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP supports both, stronger algorithm will be chosen (ex. when AP supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be chosen). Signed-off-by: Masashi Honma <[email protected]> --- src/supplicant/nm-supplicant-config.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 5650e64..e51e8ba 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting); - if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; - } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap-sha256"; - } + if (nm_streq (key_mgmt, "wpa-psk")) + key_mgmt_conf = "wpa-psk wpa-psk-sha256"; + else if (nm_streq (key_mgmt, "wpa-eap")) + key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; -- 2.7.4 _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
