Lines Matching +full:space +full:- +full:constraint
3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
13 * struct eap_peer_cert_config - EAP peer certificate configuration/credential
17 * ca_cert - File path to CA certificate file (PEM/DER)
22 * always be configured when using EAP-TLS/TTLS/PEAP. Full path to the
30 * server certificate (SHA-256 hash of the DER encoded X.509
48 * ca_path - Directory path for CA certificate files (PEM)
59 * client_cert - File path to client certificate file (PEM/DER)
62 * Usually, this is only configured for EAP-TLS, even though this could
63 * in theory be used with EAP-TTLS and EAP-PEAP, too. Full path to the
73 * private_key - File path to client private key file (PEM/DER/PFX)
100 * private_key_passwd - Password for private key file
107 * subject_match - Constraint for server certificate subject
123 * check_cert_subject - Constraint for server certificate subject fields
157 * altsubject_match - Constraint for server certificate alt. subject
175 * domain_suffix_match - Constraint for server domain name
180 * specified values, this constraint is met. If no dNSName values are
181 * present, this constraint is matched against SubjectName CN using same
183 * name is compared case-insensitively one label at a time starting from
184 * the top-level domain and all the labels in domain_suffix_match shall
186 * additional sub-level labels in addition to the required labels.
189 * test.example.com but would not match test-example.com. Multiple
196 * domain_match - Constraint for server domain name
200 * matching dNSName is found, this constraint is met. If no dNSName
201 * values are present, this constraint is matched against SubjectName CN
204 * no subdomains or wildcard matches are allowed. Case-insensitive
217 * pin - PIN for USIM, GSM SIM, and smartcards
220 * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a
228 * engine - Enable OpenSSL engine (e.g., for smartcard access)
230 * This is used if private key operations for EAP-TLS are performed
236 * engine_id - Engine ID for OpenSSL engine
241 * This is used if private key operations for EAP-TLS are performed
248 * key_id - Key ID for OpenSSL engine
250 * This is used if private key operations for EAP-TLS are performed
256 * cert_id - Cert ID for OpenSSL engine
258 * This is used if the certificate operations for EAP-TLS are performed
264 * ca_cert_id - CA Cert ID for OpenSSL engine
266 * This is used if the CA certificate for EAP-TLS is on a smartcard.
271 * ocsp - Whether to use/require OCSP to check server certificate
281 * struct eap_peer_config - EAP peer configuration/credentials
285 * identity - EAP Identity
288 * EAP-PSK/PAX/SAKE/GPSK).
293 * identity_len - EAP Identity length
298 * anonymous_identity - Anonymous EAP Identity
301 * different tunnelled identity, e.g., EAP-TTLS, in order to reveal the
307 * This field can also be used with EAP-SIM/AKA/AKA' to store the
313 * anonymous_identity_len - Length of anonymous_identity
321 * imsi_privacy_cert - IMSI privacy certificate
323 * This field is used with EAP-SIM/AKA/AKA' to encrypt the permanent
324 * identity (IMSI) to improve privacy. The referenced PEM-encoded
325 * X.509v3 certificate needs to include a 2048-bit RSA public key and
331 * imsi_privacy_attr - IMSI privacy attribute
333 * This field is used to help the EAP-SIM/AKA/AKA' server to identify
341 * machine_identity - EAP Identity for machine credential
350 * machine_identity_len - EAP Identity length for machine credential
355 * password - Password string for EAP
358 * option) or a NtPasswordHash (16-byte MD4 hash of the unicode
362 * starting point for operation: MSCHAP and MSCHAPv2 (EAP-MSCHAPv2,
363 * EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
365 * In addition, this field is used to configure a pre-shared key for
366 * EAP-PSK/PAX/SAKE/GPSK. The length of the PSK must be 16 for EAP-PSK
367 * and EAP-PAX and 32 for EAP-SAKE. EAP-GPSK can use a variable length
373 * password_len - Length of password field
378 * machine_password - Password string for EAP machine credential
387 * machine_password_len - Length of machine credential password field
392 * cert - Certificate parameters for Phase 1
397 * phase2_cert - Certificate parameters for Phase 2
400 * EAP-TTLS/PEAP/FAST/TEAP tunnel) authentication.
405 * machine_cert - Certificate parameters for Phase 2 machine credential
407 * This is like cert, but used for Phase 2 (inside EAP-TEAP tunnel)
414 * eap_methods - Allowed EAP methods
422 * phase1 - Phase 1 (outer authentication) parameters
424 * String with field-value pairs, e.g., "peapver=0" or
440 * on tunneled EAP-Success. This is required with some RADIUS servers
441 * that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
448 * sim_min_num_chal=3 can be used to configure EAP-SIM to require three
451 * result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
454 * fast_provisioning option can be used to enable in-line provisioning
455 * of EAP-FAST credentials (PAC):
465 * for storing PAC entries in order to save some space (the default
482 * EAP-WSC (WPS) uses following options: pin=Device_Password and
486 * used to configure a mode that allows EAP-Success (and EAP-Failure)
498 * phase2 - Phase2 (inner authentication with TLS tunnel) parameters
500 * String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
501 * "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS. "mschapv2_retry=0" can
508 * machine_phase2 - Phase2 parameters for machine credentials
515 * pcsc - Parameters for PC/SC smartcard interface for USIM and GSM SIM
519 * not use PC/SC) or non-NULL (e.g., "") to enable PC/SC.
521 * This field is used for EAP-SIM and EAP-AKA.
526 * otp - One-time-password
534 * otp_len - Length of the otp field
539 * pending_req_identity - Whether there is a pending identity request
548 * pending_req_password - Whether there is a pending password request
557 * pending_req_pin - Whether there is a pending PIN request
566 * pending_req_new_password - Pending password update request
575 * pending_req_passphrase - Pending passphrase request
584 * pending_req_sim - Pending SIM request
593 * pending_req_otp - Whether there is a pending OTP request
602 * pending_req_otp_len - Length of the pending OTP request
607 * pac_file - File path or blob name for the PAC entries (EAP-FAST)
619 * mschapv2_retry - MSCHAPv2 retry in progress
621 * This field is used internally by EAP-MSCHAPv2 and should not be set
627 * new_password - New password for password update
636 * new_password_len - Length of new_password field
641 * fragment_size - Maximum EAP fragment size in bytes (default 1398)
644 * fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
656 * flags - Network configuration flags (bitfield)
660 * bit 0 = password is represented as a 16-byte NtPasswordHash value
664 * bit 2 = machine password is represented as a 16-byte NtPasswordHash
672 * external_sim_resp - Response from external SIM processing
681 * sim_num - User selected SIM identifier
689 * openssl_ciphers - OpenSSL cipher string
698 * erp - Whether EAP Re-authentication Protocol (ERP) is enabled
703 * pending_ext_cert_check - External server certificate check status
721 * struct wpa_config_blob - Named configuration blob
729 * name - Blob name
734 * data - Pointer to binary data
739 * len - Length of binary data
744 * next - Pointer to next blob in the configuration