wpa_supplicant / hostapd 2.5
Data Structures
struct | excluded_ssid
struct | roaming_partner
Data Fields
struct wpa_cred * | next
Next credential in the list.
int | id
Unique id for the credential.
int | temporary
Whether this credential is temporary and not to be saved.
int | priority
Priority group.
int | pcsc
Use PC/SC and SIM/USIM card.
char * | realm
Home Realm for Interworking.
char * | username
Username for Interworking network selection.
char * | password
Password for Interworking network selection.
int | ext_password
Whether password is a name for external storage.
char * | ca_cert
CA certificate for Interworking network selection.
char * | client_cert
File path to client certificate file (PEM/DER).
char * | private_key
File path to client private key file (PEM/DER/PFX).
char * | private_key_passwd
Password for private key file.
char * | imsi
IMSI in <MCC> | <MNC> | '-' | <MSIN> format.
char * | milenage
Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN> format.
char * | domain_suffix_match
Constraint for server domain name.
char ** | domain
Home service provider FQDN(s).
size_t | num_domain
Number of FQDNs in the domain array.
u8 | roaming_consortium [15]
Roaming Consortium OI.
size_t | roaming_consortium_len
Length of roaming_consortium.
u8 | required_roaming_consortium [15]
size_t | required_roaming_consortium_len
struct eap_method_type * | eap_method
EAP method to use.
char * | phase1
Phase 1 (outer authentication) parameters.
char * | phase2
Phase 2 (inner authentication) parameters.
struct wpa_cred::excluded_ssid * | excluded_ssid
size_t | num_excluded_ssid
struct wpa_cred::roaming_partner * | roaming_partner
size_t | num_roaming_partner
int | update_identifier
char * | provisioning_sp
FQDN of the SP that provisioned the credential.
int | sp_priority
Credential priority within a provisioning SP.
unsigned int | min_dl_bandwidth_home
unsigned int | min_ul_bandwidth_home
unsigned int | min_dl_bandwidth_roaming
unsigned int | min_ul_bandwidth_roaming
unsigned int | max_bss_load
Maximum BSS Load Channel Utilization (1..255). This value is used as the maximum channel utilization for network selection purposes for home networks. If the AP does not advertise BSS Load or if the limit would prevent any connection, this constraint will be ignored.
unsigned int | num_req_conn_capab
u8 * | req_conn_capab_proto
int ** | req_conn_capab_port
int | ocsp
Whether to use/require OCSP to check server certificate.
int | sim_num
User selected SIM identifier.
char* wpa_cred::client_cert
File path to client certificate file (PEM/DER).
This field is used with Interworking network selection for the case where a client certificate/private key is used for authentication (EAP-TLS). The full path to the file should be used since the working directory may change when wpa_supplicant is run in the background.
Alternatively, a named configuration blob can be used by setting this to blob://blob_name.
char** wpa_cred::domain
Home service provider FQDN(s).
This is used to compare against the Domain Name List to figure out whether the AP is operated by the Home SP. Multiple domain entries can be used to configure alternative FQDNs that will be considered home networks.
char* wpa_cred::domain_suffix_match
Constraint for server domain name.
If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using the same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain, and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels.
For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com.
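The suffix rule and the dNSName-before-CN order described above, as an added example that is not wpa_supplicant's own code. The function names are hypothetical, and the certificate names are assumed to have been extracted from the AAA server certificate already.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Return 1 if host equals suffix, or ends with "." followed by suffix
 * (case-insensitive), so the match always starts at a label boundary. */
static int suffix_match(const char *host, const char *suffix)
{
    size_t hlen = strlen(host), slen = strlen(suffix);

    if (slen == 0 || hlen < slen)
        return 0;
    if (strcasecmp(host + (hlen - slen), suffix) != 0)
        return 0;
    /* Either the whole name matched, or the preceding character must be
     * a dot; this is what rejects "test-example.com". */
    return hlen == slen || host[hlen - slen - 1] == '.';
}

/*
 * Hypothetical helper: dns_names holds the SubjectAltName dNSName values,
 * cn is the SubjectName CN (may be NULL), suffix is domain_suffix_match.
 */
int cert_meets_suffix_constraint(const char *const *dns_names, size_t num_dns,
                                 const char *cn, const char *suffix)
{
    size_t i;

    if (num_dns > 0) {
        /* dNSName values are present: the CN is not consulted at all. */
        for (i = 0; i < num_dns; i++)
            if (suffix_match(dns_names[i], suffix))
                return 1;
        return 0;
    }
    /* No dNSName values: fall back to the CN with the same comparison. */
    return cn != NULL && suffix_match(cn, suffix);
}
```

A certificate that carries only non-matching dNSName values is rejected even if its CN would match, because the CN fallback applies only when no dNSName values are present.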
struct eap_method_type* wpa_cred::eap_method
EAP method to use.
Pre-configured EAP method to use with this credential or NULL to indicate no EAP method is selected, i.e., the method will be selected automatically based on ANQP information.
int wpa_cred::id
Unique id for the credential.
This identifier is used as a unique identifier for each credential block when using the control interface. Each credential is allocated an id when it is being created, either when reading the configuration file or when a new credential is added through the control interface.
char* wpa_cred::milenage
Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN> format.
struct wpa_cred* wpa_cred::next
Next credential in the list.
This pointer can be used to iterate over all credentials. The head of this list is stored in the cred field of struct wpa_config.
int wpa_cred::ocsp
Whether to use/require OCSP to check server certificate.
0 = do not use OCSP stapling (TLS certificate status extension)
1 = try to use OCSP stapling, but not require response
2 = require valid OCSP stapling response
char* wpa_cred::phase1
Phase 1 (outer authentication) parameters.
Pre-configured EAP parameters or NULL.
char* wpa_cred::phase2
Phase 2 (inner authentication) parameters.
Pre-configured EAP parameters or NULL.
int wpa_cred::priority
Priority group.
By default, all networks and credentials get the same priority group (0). This field can be used to give higher priority for credentials (and similarly in struct wpa_ssid for network blocks) to change the Interworking automatic network selection behavior. The matching network (based on either an enabled network block or a credential) with the highest priority value will be selected.
char* wpa_cred::private_key
File path to client private key file (PEM/DER/PFX).
When a PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be commented out. Both the private key and certificate will be read from the PKCS#12 file in this case. The full path to the file should be used since the working directory may change when wpa_supplicant is run in the background.
Windows certificate store can be used by leaving client_cert out and configuring private_key in one of the following formats:
cert://substring_to_match
hash://certificate_thumbprint_in_hex
For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service.
Alternatively, a named configuration blob can be used by setting this to blob://blob_name.
u8 wpa_cred::roaming_consortium[15]
Roaming Consortium OI.
If roaming_consortium_len is non-zero, this field contains the Roaming Consortium OI that can be used to determine which access points support authentication with this credential. This is an alternative to the use of the realm parameter. When using Roaming Consortium to match the network, the EAP parameters need to be pre-configured with the credential since the NAI Realm information may not be available or fetched.
int wpa_cred::sim_num
User selected SIM identifier.
This variable is used for identifying which SIM is used if the system has more than one.
int wpa_cred::sp_priority
Credential priority within a provisioning SP.
This is the priority of the credential among all credentials provisioned by the same SP (i.e., for entries that have an identical provisioning_sp value). The range of this priority is 0-255, with 0 being the highest and 255 the lowest priority.