Hi Sven,
On Mon, Jun 15, 2020 at 08:11:17AM -0000, Sven Dembianny wrote:
Hi all,
when entering a wrong password, I expected ConnMan to return the error
string "invalid-key". This worked with wpa_supplicant 2.5, but since
upgrading to wpa_supplicant 2.9, ConnMan returns "connect-failed".
ConnMan assumes the password to be incorrect, if wpa_supplicant was in
the 4WAY_HANDSHAKE state before disconnecting:
https://git.kernel.org/pub/scm/network/connman/connman.git/tree/plugin
s/wifi.c?h=1.38#n2537
As far as I understand, the problem is that wpa_supplicant now
supports offloading the 4-way handshake into the driver and it skips
this state completely. For comparison, here is a D-Bus dump with wpa_supplicant 2.5:
https://pastebin.com/raw/60064sgt
and here with wpa_supplicant 2.9:
https://pastebin.com/raw/hQetZq7C
Many thanks to the bug report. Looking at the wpa_supplicant code this
can't be turned off.
static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
{
[...]
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
(params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
params.req_handshake_offload = 1;
[...]
}
That means someone (and that's not me) needs to update our wifi plugin to work
with 2.9
The workaround is to use iwd for wifi.
Thanks,
Daniel