path: root/wpa_supplicant/wpa_supplicant.conf
Commit message | Author | Age | Files | Lines
* Interworking: Allow cred blocks not to be saved to a file | Jouni Malinen | 2013-12-30 | 1 | -0/+2
  The new cred block parameter 'temporary' can be used to indicate that a cred block is not to be saved to wpa_supplicant configuration file (e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of temporary network blocks and allows cred blocks to be managed outside the wpa_supplicant config file when other parameters are still saved to the file written by wpa_supplicant.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Update IBSS documentation to include RSN option | Jouni Malinen | 2013-12-23 | 1 | -4/+17
  Signed-hostap: Jouni Malinen <j@w1.fi>
* bgscan: Add global bgscan configuration | Haim Dreyfuss | 2013-11-05 | 1 | -0/+4
  This option can be used to globally configure bgscan parameters for all the network blocks. Note that this configuration will not override network block specific bgscan settings, but will only be used in case that the network block does not have a valid bgscan configuration.
  Signed-hostap: Haim Dreyfuss <haim.dreyfuss@intel.com>
* Replace unnecessary UTF-8 characters with ASCII versions | Jouni Malinen | 2013-11-02 | 1 | -5/+5
  There is no need for using UTF-8 in these files when perfectly fine ASCII versions of these characters exist.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Add support for multiple home FQDNs | Jouni Malinen | 2013-10-18 | 1 | -2/+4
  Credentials can now be configured with more than one FQDN ('domain' field in the cred block) to perform Domain Name List matching against multiple home domains.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for OCSP stapling to validate server certificate | Jouni Malinen | 2013-06-29 | 1 | -0/+5
  When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be configured to use OCSP stapling (TLS certificate status request) with ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP response before connection is allowed to continue.
  hostapd as EAP server can be configured to return cached OCSP response using the new ocsp_stapling_response parameter and an external mechanism for updating the response data (e.g., "openssl ocsp ..." command).
  This allows wpa_supplicant to verify that the server certificate has not been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before actual data connection has been established (i.e., when a CRL could not be fetched even if a distribution point were specified).
  Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Allow vifs to scan only current channel | Ben Greear | 2013-05-09 | 1 | -0/+4
  If a VIF is already associated, then only scan on the associated frequency if user requests such. This is a big help when using lots of virtual stations.
  Signed-hostap: Ben Greear <greearb@candelatech.com>
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* wpa_supplicant: Allow global scan frequencies configuration | Ben Greear | 2013-05-05 | 1 | -0/+10
  This allows one to limit the channels that wpa_supplicant will scan. This is a useful addition to the freq_list configurable in the network {} section.
  Signed-hostap: Ben Greear <greearb@candelatech.com>
* Add ignore_old_scan_res configuration parameter | Jouni Malinen | 2013-03-31 | 1 | -0/+9
  This can be used to configure wpa_supplicant to ignore old scan results from the driver cache in cases where such results were not updated after the scan trigger from wpa_supplicant. This can be useful in some cases where the driver may cache information for a significant time and the AP configuration is changing. Many such cases are for testing scripts, but this could potentially be useful for some WPS use cases, too.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Add ap_vendor_elements for wpa_supplicant AP/P2P GO mode | Jouni Malinen | 2013-03-21 | 1 | -0/+7
  This new parameter allows wpa_supplicant AP mode operations to use similar design to the vendor_elements parameter in hostapd to add vendor_elements into Beacon/Probe Response IE parameters.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Support VHT capability overrides | Johannes Berg | 2013-03-10 | 1 | -0/+14
  Add support for VHT capability overrides to allow testing connections with a subset of the VHT capabilities that are actually supported by the device. The only thing that isn't currently supported (by mac80211 and this code) is the RX/TX highest rate field.
  Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* Allow wpa_supplicant AP mode to configure Beacon interval | Jouni Malinen | 2013-03-01 | 1 | -0/+9
  beacon_int (in TU) can now be used to configure Beacon interval for AP mode operations (including P2P GO) in wpa_supplicant. This can be set either in a network block or as a global parameter in the configuration file (or with "SET beacon_int <value>" control interface command) to apply for all networks that do not include the beacon_int parameter to override the default.
  In addition, this commit extends the dtim_period parameter to be available as a global parameter to set the default value. dtim_period is now stored in the configuration file, too, if it was set.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Allow enabled groups to be configured | Jouni Malinen | 2013-01-12 | 1 | -0/+8
  hostapd.conf sae_groups parameter can now be used to limit the set of groups that the AP allows for SAE. Similarly, sae_groups parameter in wpa_supplicant.conf can be used to set the preferred order of groups. By default, all implemented groups are enabled.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Document bgscan configuration options | Jouni Malinen | 2012-12-25 | 1 | -0/+17
  Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Document HT capability overrides | Ben Greear | 2012-12-18 | 1 | -0/+28
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* Interworking: Allow SSID-based network exclusion for credentials | Jouni Malinen | 2012-12-16 | 1 | -0/+5
  The new excluded_ssid parameter within a cred block can be used to exclude networks from matching with credentials.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow PMF to be enabled by default | Jouni Malinen | 2012-11-24 | 1 | -1/+9
  Previously, PMF (protected management frames, IEEE 802.11w) could be enabled only with a per-network parameter (ieee80211w). The new global parameter (pmf) can now be used to change the default behavior to be PMF enabled (pmf=1) or required (pmf=2) for network blocks that do not override this with the ieee80211w parameter.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow OKC to be enabled by default | Jouni Malinen | 2012-11-12 | 1 | -1/+8
  Previously, OKC (opportunistic key caching, a.k.a. proactive key caching) could be enabled only with a per-network parameter (proactive_key_caching). The new global parameter (okc) can now be used to change the default behavior to be OKC enabled (okc=1) for network blocks that do not override this with the proactive_key_caching parameter.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* EAP-SIM/AKA: Store pseudonym identity in configuration | Jouni Malinen | 2012-09-02 | 1 | -1/+2
  Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity so that this can be maintained between EAP sessions (e.g., after wpa_supplicant restart) even if fast re-authentication data was cleared.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Add optional use of network selection on normal scans | Jouni Malinen | 2012-08-28 | 1 | -0/+8
  auto_interworking=1 configuration parameter can be used to request wpa_supplicant to use Interworking network selection automatically as a part of the normal (non-Interworking) network selection if the scan results do not match with enabled networks. This makes scanning work similarly to the "interworking_select auto" command.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Document TLS options in phase1/phase2 | Jouni Malinen | 2012-08-17 | 1 | -0/+19
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Add p2p_go_max_inactivity config option | Eyal Shapira | 2012-08-10 | 1 | -0/+6
  This enables setting a different max inactivity timeout for P2P GO. This timeout is used to detect inactive clients. In some scenarios it may be useful to have control over this and set a shorter timeout than the default 300s. For example when running STA and P2P GO interfaces concurrently, the STA interface may perform scans which may cause the GO to miss disassoc / deauth frames from a client and keep assuming that the client is connected until the inactivity detection kicks in. 300 secs is a bit too long for such scenarios and creates a bad user experience.
  Signed-hostap: Eyal Shapira <eyal@wizery.com>
* Add support for using printf-escaped strings in configuration | Jouni Malinen | 2012-08-07 | 1 | -2/+4
  P"<escaped string>" can now be used as an alternative method for specifying non-ASCII strings (including control characters). For example, ssid=P"abc\x00test".
  Signed-hostap: Jouni Malinen <j@w1.fi>
* EXT PW: Add support for password parameter from external storage | Jouni Malinen | 2012-08-03 | 1 | -1/+2
  This allows the password parameter for EAP methods to be fetched from an external storage.
  Following example can be used for developer testing:

      ext_password_backend=test:pw1=password|pw2=testing
      network={
          key_mgmt=WPA-EAP
          eap=TTLS
          identity="user"
          password=ext:pw1
          ca_cert="ca.pem"
          phase2="auth=PAP"
      }

  Signed-hostap: Jouni Malinen <j@w1.fi>
* EXT PW: Add support for psk parameter from external storage | Jouni Malinen | 2012-08-03 | 1 | -1/+2
  This allows wpa_supplicant configuration file to be created without the PSK/passphrase value included in the file when a backend for external password storage is available.
  Following example can be used for developer testing:

      ext_password_backend=test:psk1=12345678
      network={
          ssid="test-psk"
          key_mgmt=WPA-PSK
          psk=ext:psk1
      }

  Signed-hostap: Jouni Malinen <j@w1.fi>
* EXT PW: Add framework for supporting external password storage | Jouni Malinen | 2012-08-03 | 1 | -0/+4
  This new mechanism can be used to make wpa_supplicant use external storage (e.g., key store in the operating system) for passwords, passphrases, and PSKs. This commit is only adding the framework part needed to support this, i.e., no actual configuration parameter can yet use this new mechanism. In addition, only a simple test backend is added to allow developer testing of the functionality.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Add support for using Roaming Consortium OI for matching | Jouni Malinen | 2012-08-02 | 1 | -0/+20
  Each cred block can now be matched based on Roaming Consortium OI as an alternative mechanism to using NAI Realm information. This may be optimized for efficiency in the future since Roaming Consortium information is available in scan results without having to go through ANQP queries. In addition, this is easier to support in case there is a large number of realms that can be used for authentication.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Allow pre-configuration of EAP parameters | Jouni Malinen | 2012-08-02 | 1 | -0/+11
  The new cred block parameters eap, phase1, and phase2 can be used to select which EAP method is used with network selection instead of using the value specified in ANQP information (e.g., NAI Realm).
  Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Document NFC use cases with password/config token | Jouni Malinen | 2012-06-28 | 1 | -0/+12
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Add a simple periodic autoscan module | Tomasz Bursztyka | 2012-06-26 | 1 | -0/+3
  This module will set a fixed scanning interval. Thus, the parameter to this module is following this format: <fixed interval>
  Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* Add autoscan module named exponential | Tomasz Bursztyka | 2012-06-26 | 1 | -0/+4
  This module will compute the interval on a base exponential. Thus, params to this module are following this format: <base>:<limit>
  Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* Add autoscan parameters support in config file | Tomasz Bursztyka | 2012-06-26 | 1 | -0/+5
  Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* wpa_supplicant: Support dtim_period configuration for AP mode | Etay Luz | 2012-06-04 | 1 | -0/+3
  Signed-off-by: Etay Luz <eluz@qca.qualcomm.com>
* HS 2.0: Add runtime configuration of Hotspot 2.0 station | Jay Katabathuni | 2012-05-08 | 1 | -0/+3
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add more documentation for IEEE 802.11w/PMF configuration | Jouni Malinen | 2012-05-05 | 1 | -0/+10
  Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Allow vendor specific attribute to be added into M1 | Anirban Sirkhell | 2012-04-03 | 1 | -0/+4
  wps_vendor_ext_m1 configuration parameter can now be used to add a vendor specific attribute into the WPS M1 message, e.g., for Windows Vertical Pairing.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Add provision to configure inactivity period in AP mode | Vasanthakumar Thiagarajan | 2012-03-27 | 1 | -0/+17
  This patch adds a configuration in network block, ap_max_inactivity, for station's inactivity period when in AP mode. The time period is configured in seconds, by default 300 seconds.
  Signed-hostap: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
* Interworking: Support real SIM/USIM card for network selection | Jouni Malinen | 2012-03-04 | 1 | -0/+2
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Fix credential block example | Jouni Malinen | 2012-03-04 | 1 | -1/+1
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Update configuration file documentation for credentials | Jouni Malinen | 2012-03-03 | 1 | -17/+81
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Document network selection parameters | Jouni Malinen | 2011-10-16 | 1 | -0/+18
* IEEE 802.11u: Allow Interworking and HESSID to be configured | Jouni Malinen | 2011-10-16 | 1 | -0/+11
  The new wpa_supplicant.conf file global parameters interworking and hessid can be used to configure wpa_supplicant to include Interworking element in Probe Request frames.
* Fix typos found by codespell | Pavel Roskin | 2011-09-21 | 1 | -2/+2
  Signed-off-by: Pavel Roskin <proski@gnu.org>
* WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2) | Jouni Malinen | 2010-09-09 | 1 | -0/+3
  For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
* WPS 2.0: Add virtual/physical display and pushbutton config methods | Jouni Malinen | 2010-09-09 | 1 | -2/+3
* Add freq_list network configuration parameter | Jouni Malinen | 2010-03-27 | 1 | -0/+5
  This can be used to limit which frequencies are considered when selecting a BSS. This is somewhat similar to scan_freq, but will also affect any scan results regardless of which program triggered the scan.
* Add optional scan result filter based on SSID | Jouni Malinen | 2010-03-05 | 1 | -0/+6
  filter_ssids=1 global configuration parameter can now be used to enable scan result filtering (with -Dnl80211 only for now) based on the configured SSIDs. In other words, only the scan results that have an SSID matching with one of the configured networks are included in the BSS table. This can be used to reduce memory needs in environments that have a huge number of APs.
* Make maximum BSS table size configurable | Jouni Malinen | 2010-03-05 | 1 | -0/+8
  New global configuration parameter bss_max_count can now be used to change the maximum BSS table size. The old fixed size limit (200) is used as the default value for this parameter.
* Add TLS client events, server probing, and srv cert matching | Jouni Malinen | 2010-02-13 | 1 | -0/+10
  This allows external programs (e.g., UI) to get more information about server certificate chain used during TLS handshake. This can be used both to automatically probe the authentication server to figure out most likely network configuration and to get information about reasons for failed authentications.
  The following new control interface events are used for this:

      CTRL-EVENT-EAP-PEER-CERT
      CTRL-EVENT-EAP-TLS-CERT-ERROR

  In addition, there is now an option for matching the server certificate instead of the full certificate chain for cases where a trusted CA is not configured or even known. This can be used, e.g., by first probing the network and learning the server certificate hash based on the new events and then adding a network configuration with the server certificate hash after the user has accepted it. Future connections will then be allowed as long as the same server certificate is used.
  Authentication server probing can be done, e.g., with following configuration options:

      eap=TTLS PEAP TLS
      identity=""
      ca_cert="probe://"

  Example set of control events for this:

      CTRL-EVENT-EAP-STARTED EAP authentication started
      CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
      CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
      CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
      CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
      CTRL-EVENT-EAP-FAILURE EAP authentication failed

  Server certificate matching is configured with ca_cert, e.g.:

      ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

  This functionality is currently available only with OpenSSL. Other TLS libraries (including internal implementation) may be added in the future.
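
The probe-then-pin flow described in the commit message above, as an added example that is not part of the hostap commit or its code: it parses CTRL-EVENT-EAP-PEER-CERT lines, builds the ca_cert value from the depth=0 hash, and reports a later server certificate whose hash differs from the stored pin. The function names and the second sample hash are constructed for illustration.

```python
import re

# Event layout as shown in the commit message; other fields are not assumed.
PEER_CERT_RE = re.compile(
    r"CTRL-EVENT-EAP-PEER-CERT\s+depth=(?P<depth>\d+)\s+"
    r"subject='(?P<subject>[^']*)'\s+hash=(?P<hash>\S+)"
)
SHA256_HEX_RE = re.compile(r"[0-9a-f]{64}")
PIN_PREFIX = "hash://server/sha256/"


def parse_peer_cert(line):
    """Return (depth, subject, hash) for a PEER-CERT event, else None."""
    m = PEER_CERT_RE.search(line)
    if not m:
        return None
    digest = m.group("hash").lower()
    if not SHA256_HEX_RE.fullmatch(digest):
        raise ValueError("malformed certificate hash: %r" % digest)
    return int(m.group("depth")), m.group("subject"), digest


def server_cert_pin(events):
    """Build the ca_cert value from the first depth=0 (server) certificate."""
    for line in events:
        parsed = parse_peer_cert(line)
        if parsed and parsed[0] == 0:
            return PIN_PREFIX + parsed[2]
    return None


def pin_mismatches(pinned_ca_cert, events):
    """List (subject, hash) of depth=0 certificates that differ from the pin."""
    if not pinned_ca_cert.startswith(PIN_PREFIX):
        raise ValueError("not a server certificate hash pin")
    expected = pinned_ca_cert[len(PIN_PREFIX):].lower()
    parsed = filter(None, map(parse_peer_cert, events))
    return [(subj, h) for depth, subj, h in parsed if depth == 0 and h != expected]


# Probe output copied from the commit message.
PROBE_EVENTS = [
    "CTRL-EVENT-EAP-STARTED EAP authentication started",
    "CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a",
    "CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'",
    "CTRL-EVENT-EAP-FAILURE EAP authentication failed",
]
# Constructed: a later connection presenting a different server certificate.
LATER_EVENTS = ["CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=Server' hash=" + "ab" * 32]
```

The pin is only as trustworthy as the probe connection it was learned from, so the hash should be confirmed with the network operator before it is written to a network block.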
* WPS: Make Config Methods configurable for wpa_supplicant | Jouni Malinen | 2009-12-21 | 1 | -0/+6
  This adds config_methods configuration option for wpa_supplicant following the design used in hostapd. In addition, the string is now parsed in common code from src/wps/wps_common.c and the list of configurable methods includes all the defined methods from WPS 1.0h spec.