On Mon, Jun 15, 2020 at 08:11:17AM -0000, Sven Dembianny wrote:
when entering a wrong password, I expected ConnMan to return the error
string "invalid-key". This worked with wpa_supplicant 2.5, but since
upgrading to wpa_supplicant 2.9, ConnMan returns "connect-failed".
ConnMan assumes the password to be incorrect, if wpa_supplicant was in
the 4WAY_HANDSHAKE state before disconnecting:
As far as I understand, the problem is that wpa_supplicant now
supports offloading the 4-way handshake into the driver and it skips
this state completely. For comparison, here is a D-Bus dump with wpa_supplicant 2.5:
and here with wpa_supplicant 2.9:
Many thanks to the bug report. Looking at the wpa_supplicant code this
can't be turned off.
static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
(params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
params.req_handshake_offload = 1;
That means someone (and that's not me) needs to update our wifi plugin to work
The workaround is to use iwd for wifi.