aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Bauer <mail@david-bauer.net>2019-10-28 19:10:14 +0100
committerDavid Bauer <mail@david-bauer.net>2019-11-04 18:46:54 +0100
commit3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8 (patch)
tree80468039ed64ec9c5645b6f770340cbb2c3ad5b5
parent6ea5f7d44c8dccdf018af0aa9750903308aa95b7 (diff)
downloadupstream-3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8.tar.gz
upstream-3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8.tar.bz2
upstream-3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8.zip
hostapd: enable PMKSA and OK caching for WPA3-Personal
This enables PMKSA and opportunistic key caching by default for WPA2/WPA3-Personal, WPA3-Personal and OWE auth types. Otherwise, Apple devices won't connect to the WPA3 network. This should not degrade security, as there's no external authentication provider. Tested with OCEDO Koala and iPhone 7 (iOS 13.1). Signed-off-by: David Bauer <mail@david-bauer.net>
-rw-r--r--package/network/services/hostapd/files/hostapd.sh9
1 files changed, 8 insertions, 1 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index f0dc997e91..3c1504ca60 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -553,7 +553,14 @@ hostapd_set_bss_options() {
append bss_conf "rsn_preauth=1" "$N"
append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
else
- set_default auth_cache 0
+ case "$auth_type" in
+ sae|psk-sae|owe)
+ set_default auth_cache 1
+ ;;
+ *)
+ set_default auth_cache 0
+ ;;
+ esac
fi
append bss_conf "okc=$auth_cache" "$N"