|
 |
41389a |
From 7faf403f9fb39fea9a0545025cc284ef05e022a7 Mon Sep 17 00:00:00 2001
|
|
|
41389a |
Message-Id: <7faf403f9fb39fea9a0545025cc284ef05e022a7.1488376602.git.dcaratti@redhat.com>
|
|
|
41389a |
From: Badrish Adiga H R <badrish.adigahr@gmail.com>
|
|
|
41389a |
Date: Fri, 6 Jan 2017 17:47:51 +0530
|
|
|
41389a |
Subject: [PATCH] mka: Fix an incorrect update of participant->to_use_sak
|
|
|
41389a |
|
|
|
41389a |
API ieee802_1x_mka_decode_dist_sak_body() wrongly puts
|
|
|
41389a |
participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
|
|
|
41389a |
length 0 is received. In MACsec PSK mode, this stale incorrect value can
|
|
|
41389a |
create problems while re-establishing CA. In MACsec PSK mode, CA goes
|
|
|
41389a |
down if interface goes down and ideally we should be able to
|
|
|
41389a |
re-establish the CA once interface comes up.
|
|
|
41389a |
|
|
|
41389a |
Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
|
|
|
41389a |
---
|
|
|
41389a |
src/pae/ieee802_1x_kay.c | 2 +-
|
|
|
41389a |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
41389a |
|
|
|
41389a |
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
|
|
|
41389a |
index 1004b32..79a6878 100644
|
|
|
41389a |
--- a/src/pae/ieee802_1x_kay.c
|
|
|
41389a |
+++ b/src/pae/ieee802_1x_kay.c
|
|
|
41389a |
@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
|
|
|
41389a |
ieee802_1x_cp_connect_authenticated(kay->cp);
|
|
|
41389a |
ieee802_1x_cp_sm_step(kay->cp);
|
|
|
41389a |
wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
|
|
|
41389a |
- participant->to_use_sak = TRUE;
|
|
|
41389a |
+ participant->to_use_sak = FALSE;
|
|
|
41389a |
return 0;
|
|
|
41389a |
}
|
|
|
41389a |
|
|
|
41389a |
--
|
|
|
41389a |
2.7.4
|
|
|
41389a |
|