
PM_EVT_CONN_SEC_FAILED received. Is it up to me to reject the connection?

Hello,

I'm bonding a central and a peripheral and saving the bonds into a whitelist I use at each startup. When I delete the bonds on the central side, the connection to the peripheral can be effective even if I can see: PM_EVT_CONN_SEC_FAILED. I know this event is normal because the security information has been reset on the central side, but why can the connection be established? Is it up to me to reject the connection when such an event occurs?

Thank you in advance,

Regards,

Aurélien

  • Hi,

    Is it up to me to reject the connection when such an event occurs?

    Yes, that is correct. See this post.

    If you want to disconnect, then add this line, "pm_handler_disconnect_on_sec_failure(p_evt);" to pm_evt_handler() in main.c (SDK15.3). In ble_app_gls example we do it like this:

    static void pm_evt_handler(pm_evt_t const * p_evt)
    {
        ret_code_t err_code;
    
        pm_handler_on_pm_evt(p_evt);
        pm_handler_disconnect_on_sec_failure(p_evt);
        pm_handler_flash_clean(p_evt);
    
        switch (p_evt->evt_id)
        {
            case PM_EVT_CONN_SEC_SUCCEEDED:
            {
                pm_conn_sec_status_t conn_sec_status;
    
                // Check if the link is authenticated (meaning at least MITM).
                err_code = pm_conn_sec_status_get(p_evt->conn_handle, &conn_sec_status);
                APP_ERROR_CHECK(err_code);
    
                if (conn_sec_status.mitm_protected)
                {
                    NRF_LOG_INFO("Link secured. Role: %d. conn_handle: %d, Procedure: %d",
                                 ble_conn_state_role(p_evt->conn_handle),
                                 p_evt->conn_handle,
                                 p_evt->params.conn_sec_succeeded.procedure);
                }
                else
                {
                    // The peer did not use MITM, disconnect.
                    NRF_LOG_INFO("Collector did not use MITM, disconnecting");
                    err_code = pm_peer_id_get(m_conn_handle, &m_peer_to_be_deleted);
                    APP_ERROR_CHECK(err_code);
                    err_code = sd_ble_gap_disconnect(m_conn_handle,
                                                     BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                    APP_ERROR_CHECK(err_code);
                }
            } break;
    
            case PM_EVT_CONN_SEC_FAILED:
                m_conn_handle = BLE_CONN_HANDLE_INVALID;
                break;
    
            case PM_EVT_PEERS_DELETE_SUCCEEDED:
                advertising_start(false);
                break;
    
            default:
                break;
        }
    }
