From 63f9e4c0ab996b44ef88a9df20d552c5fd7f748c Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 22 May 2020 10:38:26 +0200
Subject: macsec: T2023: only render mka in template if encrypt enabled

---
 data/templates/macsec/wpa_supplicant.conf.tmpl | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'data')

diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index eee215418..c3a8d9686 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -47,6 +47,7 @@ network={
     # 1: Integrity only
     macsec_integ_only={{ '0' if security_encrypt else '1' }}
 
+{% if security_encrypt %}
     # mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
     # This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
     # In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
@@ -61,5 +62,6 @@ network={
     # mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
     # default priority
     mka_priority={{ security_mka_priority }}
+{% endif %}
 }
 
-- 
cgit v1.2.3