[ https://issues.apache.org/jira/browse/MYNEWT-750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052365#comment-16052365 ]
ASF subversion and git services commented on MYNEWT-750:
--------------------------------------------------------

Commit 6e380728c1382e679e2c6967e6820dfc4f48b116 in incubator-mynewt-core's branch refs/heads/master from [~ccollins476]
[ https://gitbox.apache.org/repos/asf?p=incubator-mynewt-core.git;h=6e38072 ]

MYNEWT-750 - Authenticated flag incorrect.

We would persist the authenticated flag if either peer supported
authentication. We should only persist it if both support it.

> BLE Host - Ignore pairing attempt from already bonded peer
> ----------------------------------------------------------
>
>                 Key: MYNEWT-750
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-750
>             Project: Mynewt
>          Issue Type: Bug
>      Security Level: Public(Viewable by anyone)
>          Components: Nimble
>            Reporter: Christopher Collins
>            Assignee: Christopher Collins
>             Fix For: v1_1_0_rel
>
>
> (Pull request: https://github.com/apache/incubator-mynewt-core/pull/287)
> If a device is already bonded, the host should not allow the same device to
> pair again. Currently, the host blindly proceeds with the pairing operation.
> This should not be allowed because the second peer could be an imposter
> masquerading as the original.
> I propose the following behavior in such a scenario:
> # Host notifies application of the duplicate pairing attempt via the gap
> event callback. The callback would specify a new event code that
> specifically indicates a duplicate pairing attempt.
> # The gap event callback would return an error code indicating which of the
> following behaviors to perform:
> ## Retry: Return BLE_GAP_REPEAT_PAIRING_RETRY after deleting the conflicting
> bond. The stack will verify the bond has been deleted and continue the
> pairing procedure. If the bond is still present, this event will be reported
> again.
> ## Ignore: Return BLE_GAP_REPEAT_PAIRING_IGNORE. The stack will silently
> ignore the pairing request.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
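
The decision flow proposed in the quoted issue, as an added example that is not part of the original message or of the Mynewt code base: a self-contained C model with a hypothetical in-memory bond store and hypothetical function names. Only the two BLE_GAP_REPEAT_PAIRING_* names come from the issue; their numeric values and the cap on re-reports are assumptions.

```c
#include <stdbool.h>
#include <string.h>

/* Names from the issue; the numeric values are assumptions of this model. */
#define BLE_GAP_REPEAT_PAIRING_RETRY  1
#define BLE_GAP_REPEAT_PAIRING_IGNORE 2
/* Hypothetical in-memory bond store keyed by 6-byte peer address. */
#define MAX_BONDS 4
static struct { unsigned char addr[6]; bool used; } bonds[MAX_BONDS];

int bond_find(const unsigned char *peer) {       /* slot index, or -1 */
    for (int i = 0; i < MAX_BONDS; i++)
        if (bonds[i].used && memcmp(bonds[i].addr, peer, 6) == 0) return i;
    return -1;
}
void bond_add(const unsigned char *peer) {
    for (int i = 0; i < MAX_BONDS; i++)
        if (!bonds[i].used) { memcpy(bonds[i].addr, peer, 6); bonds[i].used = true; return; }
}
void bond_delete(const unsigned char *peer) {
    int i = bond_find(peer);
    if (i >= 0) bonds[i].used = false;
}
typedef int (*repeat_pairing_cb)(const unsigned char *peer);

/* Host side: true if pairing may continue, false if the request is dropped.
 * The event is re-reported while the bond is still present; the max_reports
 * bound is an assumption added so a faulty callback cannot spin forever. */
bool host_on_pairing_request(const unsigned char *peer, repeat_pairing_cb cb,
                             int max_reports, int *reports) {
    *reports = 0;
    while (bond_find(peer) >= 0) {               /* duplicate pairing attempt */
        if (*reports == max_reports) return false;
        (*reports)++;
        if (cb(peer) != BLE_GAP_REPEAT_PAIRING_RETRY) return false;  /* ignore */
    }                                            /* RETRY: bond is re-checked */
    return true;
}

/* Hypothetical application policies for the gap event callback. */
int app_replace_bond(const unsigned char *p) { bond_delete(p); return BLE_GAP_REPEAT_PAIRING_RETRY; }
int app_ignore(const unsigned char *p) { (void)p; return BLE_GAP_REPEAT_PAIRING_IGNORE; }
int app_retry_no_delete(const unsigned char *p) { (void)p; return BLE_GAP_REPEAT_PAIRING_RETRY; }

int main(void) {
    const unsigned char peer[6] = {1, 2, 3, 4, 5, 6};   /* constructed address */
    int n; bond_add(peer);
    return host_on_pairing_request(peer, app_ignore, 3, &n) ? 1 : 0;  /* 0: ignored */
}
```

A callback that returns RETRY without deleting the bond never gets pairing to proceed in this model, which is the verification step the issue asks the stack to perform.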