hostapd: enable PMKSA and OK caching for WPA3-Personal
author David Bauer <mail@david-bauer.net>
Mon, 28 Oct 2019 18:10:14 +0000 (19:10 +0100)
committer rcall1 <rcall1@rcall1s-Mini.lan>
Thu, 7 Nov 2019 03:58:45 +0000 (22:58 -0500)
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8)
Signed-off-by: David Bauer <mail@david-bauer.net>
package/network/services/hostapd/files/hostapd.sh

index 3ddb511b895d062542a6c4e8849ac1a711260544..476c22afbe2137acc300a3889a5836621f22aa7b 100644 (file)
@@ -540,7 +540,14 @@ hostapd_set_bss_options() {
                        append bss_conf "rsn_preauth=1" "$N"
                        append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
                else
-                       set_default auth_cache 0
+                       case "$auth_type" in
+                       sae|psk-sae|owe)
+                               set_default auth_cache 1
+                       ;;
+                       *)
+                               set_default auth_cache 0
+                       ;;
+                       esac
                fi
 
                append bss_conf "okc=$auth_cache" "$N"
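
Review bot: the new `sae|psk-sae|owe)` arm has no comment saying why these auth types default to `auth_cache 1`. The reason (Apple devices won't connect to the WPA3 network otherwise) is recorded only in the commit message, so a one-line comment above the `case` would keep a later cleanup from folding it back into `set_default auth_cache 0`. The comment should also mention that `psk-sae` is the mixed WPA2/WPA3 mode, so the new default applies to WPA2-PSK clients on that BSS as well. The context visible here only shows `okc=$auth_cache` being derived from the value; please confirm that the PMKSA caching setting named in the subject is driven by the same variable outside this hunk.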