From 5a1cdcac6af39ff70478623ea648d199d9b856cb Mon Sep 17 00:00:00 2001
From: Anjan Chanda <anjan.chanda@iopsys.eu>
Date: Fri, 25 Mar 2022 09:41:38 +0100
Subject: [PATCH] config: use sae-mixed or sae as default security for 'ap'

---
 src/config.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/config.c b/src/config.c
index d77f565a..0f753393 100644
--- a/src/config.c
+++ b/src/config.c
@@ -745,6 +745,7 @@ static int cntlr_config_get_credentials(struct controller_config *c,
 	};
 	struct uci_option *tb[NUM_CREDS];
 	struct iface_credential *cred;
+	bool use_default_security = false;
 
 	if (c->num_bss >= 32)
 		return -1;
@@ -802,6 +803,8 @@ static int cntlr_config_get_credentials(struct controller_config *c,
 		}
 
 		//TODO: ciphers (if any)
+	} else {
+		use_default_security = true;
 	}
 
 	if (tb[CRED_KEY])
@@ -831,6 +834,12 @@ static int cntlr_config_get_credentials(struct controller_config *c,
 		cred->mode = AP_WIFI_FBSS;
 	}
 
+	if (use_default_security) {
+		cred->sec |= WIFI_SECURITY_WPA3PSK;
+		if (!!(cred->multi_ap & 2))
+			cred->sec |= WIFI_SECURITY_WPA3PSK_T;
+	}
+
 	if (tb[CRED_D_BSTA]) {
 		struct uci_element *x;
 
-- 
GitLab