From cfa53d5e6c67c441cba6df87b56dbac6dc4e7508 Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm
 <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Thu, 29 Mar 2018 16:02:27 +0100
Subject: [PATCH] only bother reacting to verification failures if we want to
 use signing

---
 .../source/generic/GenericSecurityManager.cpp | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index 1199cd88e0..9aed7b9bd9 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -912,13 +912,19 @@ void GenericSecurityManager::on_signature_verification_failure(connection_handle
         return;
     }
 
-    cb->csrk_failures++;
-    if (cb->csrk_failures == 3) {
-        cb->csrk_failures = 0;
-        if (cb->is_master) {
-           requestPairing(connection);
-        } else {
-           slave_security_request(connection);
+    const bool signing = cb->signing_override_default ?
+                         cb->signing_requested
+                         : _default_key_distribution.get_signing();
+
+    if (signing) {
+        cb->csrk_failures++;
+        if (cb->csrk_failures == 3) {
+            cb->csrk_failures = 0;
+            if (cb->is_master) {
+               requestPairing(connection);
+            } else {
+               slave_security_request(connection);
+            }
         }
     }
 }