From 7faf403f9fb39fea9a0545025cc284ef05e022a7 Mon Sep 17 00:00:00 2001 Message-Id: <7faf403f9fb39fea9a0545025cc284ef05e022a7.1488376602.git.dcaratti@redhat.com> From: Badrish Adiga H R Date: Fri, 6 Jan 2017 17:47:51 +0530 Subject: [PATCH] mka: Fix an incorrect update of participant->to_use_sak API ieee802_1x_mka_decode_dist_sak_body() wrongly puts participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of length 0 is received. In MACsec PSK mode, this stale incorrect value can create problems while re-establishing CA. In MACsec PSK mode, CA goes down if interface goes down and ideally we should be able to re-establish the CA once interface comes up. Signed-off-by: Badrish Adiga H R --- src/pae/ieee802_1x_kay.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 1004b32..79a6878 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body( ieee802_1x_cp_connect_authenticated(kay->cp); ieee802_1x_cp_sm_step(kay->cp); wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec"); - participant->to_use_sak = TRUE; + participant->to_use_sak = FALSE; return 0; } -- 2.7.4