@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
ieee802_1x_cp_connect_authenticated(kay->cp);
ieee802_1x_cp_sm_step(kay->cp);
wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
- participant->to_use_sak = TRUE;
+ participant->to_use_sak = FALSE;
return 0;
}
@@ -2377,6 +2377,12 @@ static void ieee802_1x_participant_timer(void
*eloop_ctx, void *timeout_ctx)
participant->advised_capability =
MACSEC_CAP_NOT_IMPLEMENTED;
participant->to_use_sak = FALSE;
+ participant->ltx = FALSE;
+ participant->lrx = FALSE;
+ participant->otx = FALSE;
+ participant->orx = FALSE;
+ participant->is_key_server = FALSE;
+ participant->is_elected = FALSE;
kay->authenticated = TRUE;
kay->secured = FALSE;
1. API ieee802_1x_mka_decode_dist_sak_body wrongly puts participant->to_use_sak to TRUE, if invalid DIstributed SAK Parameter Set is received 2. when number of live peers become 0, the flags such lrx, ltx, orx, otx etc. needs to be cleared. In MACsec PSK mode, these stale values create problems, while re-establishing CA... Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com> --- src/pae/ieee802_1x_kay.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) kay->failed = FALSE;