How do I refuse bonding?

[newhobby]

Hi,

I am using bonding with JustWorks, but I would like to only have one bonded device and refuse any other attempt of bonding.
How do I accomplish that?
Here is what I have:

Code: Select all

        esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_BOND; // bonding with peer device after authentication
        esp_ble_io_cap_t iocap = ESP_IO_CAP_NONE;              // set the IO capability to No output No input
        uint8_t key_size = 16;                                 // the key size should be 7~16 bytes
        uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
        uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
        uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE;
        uint8_t oob_support = ESP_BLE_OOB_DISABLE;
        esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_KEY_SIZE, &key_size, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, &auth_option, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_OOB_SUPPORT, &oob_support, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_SET_INIT_KEY, &init_key, sizeof(uint8_t));
        esp_ble_gap_set_security_param(ESP_BLE_SM_SET_RSP_KEY, &rsp_key, sizeof(uint8_t));

And then I call this on connection event:

Code: Select all

esp_ble_set_encryption(param->connect.remote_bda, ESP_BLE_SEC_ENCRYPT_MITM);

This works fine with the JustWorks and it lets me bond my device correctly, but when a second device tries to connect, it also accepts the bonding. I would like to prevent the second one from ever being able to bond if already have one bonded device.
My device should also always refuse connection to any unsecured connections.
Can anyone point me to the right strategy to accomplish this?