From 63f9e4c0ab996b44ef88a9df20d552c5fd7f748c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 22 May 2020 10:38:26 +0200 Subject: macsec: T2023: only render mka in template if encrypt enabled --- data/templates/macsec/wpa_supplicant.conf.tmpl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'data/templates') diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index eee215418..c3a8d9686 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -47,6 +47,7 @@ network={ # 1: Integrity only macsec_integ_only={{ '0' if security_encrypt else '1' }} +{% if security_encrypt %} # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair. # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer @@ -61,5 +62,6 @@ network={ # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being # default priority mka_priority={{ security_mka_priority }} +{% endif %} } -- cgit v1.2.3