hostapd: enable PMKSA and OK caching for WPA3-Personal

This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Signed-off-by: David Bauer <mail@david-bauer.net>

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index f0dc997e913929b82053271f943ac1e2ba2bed0f..3c1504ca60beb601080032d33449d61fa1bc8ba1 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -553,7 +553,14 @@ hostapd_set_bss_options() {
                        append bss_conf "rsn_preauth=1" "$N"
                        append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N"
                else
-                       set_default auth_cache 0
+                       case "$auth_type" in
+                       sae|psk-sae|owe)
+                               set_default auth_cache 1
+                       ;;
+                       *)
+                               set_default auth_cache 0
+                       ;;
+                       esac
                fi
 
                append bss_conf "okc=$auth_cache" "$N"