From 645e0efae7837e3d9847ee448ffd6c5ed44754e3 Mon Sep 17 00:00:00 2001
From: Matthias Ringwald <matthias@ringwald.ch>
Date: Fri, 20 Nov 2020 17:41:27 +0100
Subject: [PATCH] gatt_client: return missing keys if re-encryption fails for
 mandatory authentication

---
 src/ble/gatt_client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ble/gatt_client.c b/src/ble/gatt_client.c
index 87b8acd77..1b218fe5d 100644
--- a/src/ble/gatt_client.c
+++ b/src/ble/gatt_client.c
@@ -886,8 +886,8 @@ static int gatt_client_run_for_gatt_client(gatt_client_t * gatt_client){
     if ((gatt_client->reencryption_result != ERROR_CODE_SUCCESS) && (gatt_client->gatt_client_state != P_READY)){
 #ifndef ENABLE_LE_PROACTIVE_AUTHENTICATION
         // re-encryption failed and we have a pending client request
-        // try to resolve it by deleting bonding information if we started pairing before
-        if (gatt_client->wait_for_pairing_complete){
+        // reactive authentication: try to resolve it by deleting bonding information if we started pairing before
+        if ((gatt_client_required_security_level == LEVEL_0) && gatt_client->wait_for_pairing_complete){
             // delete bonding information
             int le_device_db_index = sm_le_device_index(gatt_client->con_handle);
             btstack_assert(le_device_db_index >= 0);