wpa_supplicant / hostapd  2.5
wpa_cred Struct Reference

Data Structures

struct  excluded_ssid
 
struct  roaming_partner
 

Data Fields

struct wpa_cred * next
 Next credential in the list.
 
int id
 Unique id for the credential.
 
int temporary
 Whether this credential is temporary and not to be saved.
 
int priority
 Priority group.
 
int pcsc
 Use PC/SC and SIM/USIM card.
 
char * realm
 Home Realm for Interworking.
 
char * username
 Username for Interworking network selection.
 
char * password
 Password for Interworking network selection.
 
int ext_password
 Whether password is a name for external storage.
 
char * ca_cert
 CA certificate for Interworking network selection.
 
char * client_cert
 File path to client certificate file (PEM/DER)
 
char * private_key
 File path to client private key file (PEM/DER/PFX)
 
char * private_key_passwd
 Password for private key file.
 
char * imsi
 IMSI in <MCC> | <MNC> | '-' | <MSIN> format.
 
char * milenage
 Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN> format.
 
char * domain_suffix_match
 Constraint for server domain name.
 
char ** domain
 Home service provider FQDN(s)
 
size_t num_domain
 Number of FQDNs in the domain array.
 
u8 roaming_consortium [15]
 Roaming Consortium OI.
 
size_t roaming_consortium_len
 Length of roaming_consortium.
 
u8 required_roaming_consortium [15]
 
size_t required_roaming_consortium_len
 
struct eap_method_type * eap_method
 EAP method to use.
 
char * phase1
 Phase 1 (outer authentication) parameters.
 
char * phase2
 Phase 2 (inner authentication) parameters.
 
struct wpa_cred::excluded_ssid * excluded_ssid
 
size_t num_excluded_ssid
 
struct wpa_cred::roaming_partner * roaming_partner
 
size_t num_roaming_partner
 
int update_identifier
 
char * provisioning_sp
 FQDN of the SP that provisioned the credential.
 
int sp_priority
 Credential priority within a provisioning SP.
 
unsigned int min_dl_bandwidth_home
 
unsigned int min_ul_bandwidth_home
 
unsigned int min_dl_bandwidth_roaming
 
unsigned int min_ul_bandwidth_roaming
 
unsigned int max_bss_load
 Maximum BSS Load Channel Utilization (1..255). This value is used as the maximum channel utilization for network selection purposes for home networks. If the AP does not advertise BSS Load or if the limit would prevent any connection, this constraint will be ignored.
 
unsigned int num_req_conn_capab
 
u8 * req_conn_capab_proto
 
int ** req_conn_capab_port
 
int ocsp
 Whether to use/require OCSP to check server certificate.
 
int sim_num
 User selected SIM identifier.
 

Field Documentation

char* wpa_cred::client_cert

File path to client certificate file (PEM/DER)

This field is used with Interworking network selection for the case where a client certificate/private key is used for authentication (EAP-TLS). The full path to the file should be used since the working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://blob_name.

char** wpa_cred::domain

Home service provider FQDN(s)

This is used to compare against the Domain Name List to figure out whether the AP is operated by the Home SP. Multiple domain entries can be used to configure alternative FQDNs that will be considered home networks.

char* wpa_cred::domain_suffix_match

Constraint for server domain name.

If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against the SubjectName CN using the same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain, and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels.

For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com.
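The matching rule described above, written out as an added example (this is not wpa_supplicant's own code). The function names are hypothetical, the certificate names are constructed, and case-insensitive comparison is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added illustration, not wpa_supplicant code; function names are hypothetical.
 * Case-insensitive comparison is an assumption (DNS names ignore case). */

/* Return 1 if name equals suffix or ends with "." followed by suffix, so the
 * required labels sit at the right-hand end of name on a label boundary. */
static int suffix_match(const char *name, const char *suffix)
{
    size_t nlen = strlen(name), slen = strlen(suffix);

    if (slen == 0 || slen > nlen)
        return 0;
    if (strcasecmp(name + nlen - slen, suffix) != 0)
        return 0;
    if (nlen == slen)
        return 1;                         /* exact match */
    return name[nlen - slen - 1] == '.';  /* rejects test-example.com */
}

/* Apply the constraint to names extracted from a server certificate.
 * dNSName entries are checked first; the SubjectName CN is consulted only
 * when the certificate carries no dNSName values at all. */
static int cert_meets_constraint(const char *const *dns_names, size_t num_dns,
                                 const char *subject_cn, const char *suffix)
{
    size_t i;

    for (i = 0; i < num_dns; i++)
        if (suffix_match(dns_names[i], suffix))
            return 1;
    if (num_dns > 0)
        return 0;  /* dNSName present but none matched: CN is not used */
    return subject_cn != NULL && suffix_match(subject_cn, suffix);
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    const char *const good[] = { "test.example.com" };
    const char *const bad[] = { "test-example.com" };

    printf("%d %d %d\n",
           cert_meets_constraint(good, 1, NULL, "example.com"),
           cert_meets_constraint(bad, 1, "example.com", "example.com"),
           cert_meets_constraint(NULL, 0, "test.example.com", "example.com"));
    return 0;
}
```

The second call shows the case that is easy to get wrong: a certificate that carries a non-matching dNSName does not fall back to its CN.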

struct eap_method_type* wpa_cred::eap_method

EAP method to use.

Pre-configured EAP method to use with this credential or NULL to indicate no EAP method is selected, i.e., the method will be selected automatically based on ANQP information.

int wpa_cred::id

Unique id for the credential.

This identifier is used as a unique identifier for each credential block when using the control interface. Each credential is allocated an id when it is being created, either when reading the configuration file or when a new credential is added through the control interface.

char* wpa_cred::milenage

Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN> format.

struct wpa_cred* wpa_cred::next

Next credential in the list.

This pointer can be used to iterate over all credentials. The head of this list is stored in the cred field of struct wpa_config.

int wpa_cred::ocsp

Whether to use/require OCSP to check server certificate.

0 = do not use OCSP stapling (TLS certificate status extension)

1 = try to use OCSP stapling, but not require response

2 = require valid OCSP stapling response

char* wpa_cred::phase1

Phase 1 (outer authentication) parameters.

Pre-configured EAP parameters or NULL.

char* wpa_cred::phase2

Phase 2 (inner authentication) parameters.

Pre-configured EAP parameters or NULL.

int wpa_cred::priority

Priority group.

By default, all networks and credentials get the same priority group (0). This field can be used to give higher priority for credentials (and similarly in struct wpa_ssid for network blocks) to change the Interworking automatic networking selection behavior. The matching network (based on either an enabled network block or a credential) with the highest priority value will be selected.

char* wpa_cred::private_key

File path to client private key file (PEM/DER/PFX)

When a PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be commented out. Both the private key and certificate will be read from the PKCS#12 file in this case. The full path to the file should be used since the working directory may change when wpa_supplicant is run in the background.

The Windows certificate store can be used by leaving client_cert out and configuring private_key in one of the following formats:

cert://substring_to_match

hash://certificate_thumbprint_in_hex

For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"

Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas the computer store (Computer account) is used when running wpasvc as a service.

Alternatively, a named configuration blob can be used by setting this to blob://blob_name.

u8 wpa_cred::roaming_consortium[15]

Roaming Consortium OI.

If roaming_consortium_len is non-zero, this field contains the Roaming Consortium OI that can be used to determine which access points support authentication with this credential. This is an alternative to the use of the realm parameter. When using Roaming Consortium to match the network, the EAP parameters need to be pre-configured with the credential since the NAI Realm information may not be available or fetched.

int wpa_cred::sim_num

User selected SIM identifier.

This variable is used for identifying which SIM is used if the system has more than one.

int wpa_cred::sp_priority

Credential priority within a provisioning SP.

This is the priority of the credential among all credentials provisioned by the same SP (i.e., for entries that have an identical provisioning_sp value). The range of this priority is 0-255, with 0 being the highest and 255 the lowest priority.


The documentation for this struct was generated from the following file: