Lines Matching full:for
1 ChangeLog for wpa_supplicant
5 - add support for DPP release 3
8 - add support for GCM-AES-256 cipher suite
10 - add hardware offload support for additional drivers
17 * improve EAP-TLS support for TLSv1.3
23 * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
26 * support new AKM for 802.1X/EAP with SHA384
29 - extend support for secure ranging
30 - allow PASN implementation to be used with external programs for
32 * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
38 for using per-network random MAC addresses
40 to improve security for still unfortunately common invalid
42 * extend SCS support for QoS Characteristics
45 * add support for explicit SSID protection in 4-way handshake
46 (a mitigation for CVE-2023-52424; disabled by default for now, can be
57 - added support for the hash-to-element mechanism (sae_pwe=1 or
61 - added support for SAE-PK
73 * added support for using OpenSSL 3.0
76 * fixed various issues in experimental support for EAP-TEAP peer
77 * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
79 * added support for SAE (WPA3-Personal) AP mode configuration
80 * added P2P support for EDMG (IEEE 802.11ay) channels
83 * dropped support for libnl 1.1
84 * added support for nl80211 control port for EAPOL frame TX/RX
86 compatibility for these groups while the default group 19 remains
88 * added support for Beacon protection
89 * added support for Extended Key ID for pairwise keys
93 * added support for Transition Disable mechanism to allow the AP to
96 * added support for PASN
97 * added a file-based backend for external password storage to allow
100 * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
101 * added support for SCS, MSCS, DSCP policy
117 (disabled by default for backwards compatibility; can be enabled
125 * added support for EAP-SIM/AKA using anonymous@realm identity
128 * added experimental support for EAP-TEAP peer (RFC 7170)
129 * added experimental support for EAP-TLS peer with TLS v1.3
130 * fixed a regression in WMM parameter configuration for a TDLS peer
137 - added support for SAE Password Identifier
168 - added support for release number 3
169 - enable PMF automatically for network profiles created from
173 * added support for RSN operating channel validation
185 * fixed KEK2 derivation for FILS+FT
192 * extended driver flags indication for separate 802.1X and PSK
194 * added support for random P2P Device/Interface Address use
197 for PSK (wps_cred_add_sae=1)
198 * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
200 * added a RSN workaround for misbehaving PMF APs that advertise
212 * added support for FILS (IEEE 802.11ai) shared key authentication
213 * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
215 * added support for DPP (Wi-Fi Device Provisioning Protocol)
216 * added support for RSA 3k key case with Suite B 192-bit level
220 * added EAP-pwd client support for salted passwords
225 - new macsec_linux driver interface support for the Linux
228 * added support for external persistent storage of PMKSA cache
230 MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
232 * added support for beacon report
234 * added support for randomizing local address for GAS queries
237 * added option for using random WPS UUID (auto_uuid=1)
238 * added SHA256-hash support for OCSP certificate matching
246 * added ap_isolate configuration option for AP mode
247 * added support for nl80211 to offload 4-way handshake into the driver
248 * added support for using wolfSSL cryptographic library
250 - added support for configuring SAE password separately of the
253 for SAE;
257 - added support for Password Identifier
260 - added support for fetching of Operator Icon Metadata ANQP-element
261 - added support for Roaming Consortium Selection element
262 - added support for Terms and Conditions
263 - added support for OSEN connection in a shared RSN BSS
264 - added support for fetching Venue URL information
265 * added support for using OpenSSL 1.1.1
268 - added support for SHA384 based AKM
269 - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
287 * extended channel switch support for P2P GO
291 - generate proper AID for peer
301 - add support for PMKSA caching
302 - add minimal support for SAE group negotiation
309 - note: these changes are not fully backwards compatible for secure
312 * added support for requesting and fetching arbitrary ANQP-elements
313 without internal support in wpa_supplicant for the specific element
323 - added optional ssid=<hexdump> argument to P2P_CONNECT for join case
327 - fix PD Response generation for unknown peer
334 - support for OCSP stapling
343 * improved PMF behavior for cases where the AP and STA has different
348 * EAP-pwd: added support for Brainpool Elliptic Curves
351 * fixed FTIE generation for 4-way handshake after FT protocol run
355 * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
370 - minimal support for PKCS #12
374 - drop support for OpenSSL 0.9.8
375 - drop support for OpenSSL 1.0.0
376 * added support for multiple schedule scan plans (sched_scan_plans)
377 * added support for external server certificate chain validation
384 * added command for retrieving HS 2.0 icons with in-memory storage
387 * enabled ACS support for AP mode operations with wpa_supplicant
391 * VHT: added interoperability workaround for 80+80 and 160 MHz channels
392 * WNM: workaround for broken AP operating class behavior
393 * added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
395 - add support for full station state operations
402 * added support for PBSS/PCP and P2P on 60 GHz
405 * HS 2.0: add support for configuring frame filters
407 * added initial functionality for location related operations
408 * started to ignore pmf=1/2 parameter for non-RSN networks
411 * wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
431 - added VHT configuration for IBSS
435 * wpa_cli: added tab completion for number of commands
439 * added support for dynamically creating/removing a virtual interface
441 * added support for hashed password (NtHash) in EAP-pwd peer
442 * added support for memory-only PSK/passphrase (mem_only_psk=1 and
447 - added operating class 125 for P2P use cases (this allows 5 GHz
452 - extended support for preferred channel listing
460 * added EAP-EKE peer support for deriving Session-Id
462 for all network profiles added by WPS
465 * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
469 * added support for Brainpool Elliptic Curves with SAE
470 * added support for CCMP-256 and GCMP-256 as group ciphers with FT
476 * fixed key derivation for Suite B 192-bit AKM (this breaks
482 * allow OpenSSL cipher configuration to be set for internal EAP server
497 - add support for P2P services (P2PS)
503 * add support for PMKSA caching with SAE
504 * add support for control mesh BSS (IEEE 802.11s) operations
506 * fixed regression in ap_scan=2 special case for WPS
508 * add a workaround for incorrectly behaving APs that try to use
514 * add support for Suite B (128-bit and 192-bit level) key management and
518 * add support for neighbor report
519 * add support for link measurement
524 * add support for EAP Re-Authentication Protocol (ERP)
526 * improved PKCS#11 configuration for OpenSSL
529 * add support for MAC address randomization in scans with nl80211
530 * enable HT for IBSS if supported by the driver
532 * add support for domain_suffix_match with GnuTLS
544 * add a workaround for Linux packet socket behavior when interface is in
562 when parsing invalid information for P2P-DEVICE-FOUND
568 * improved P2P operating channel selection for various multi-channel
574 * added TDLS workaround for some APs that may add extra data to the
578 passphrases to be generated for P2P groups
580 * improved HT/VHT/QoS parameter setup for TDLS
581 * modified D-Bus interface for P2P peers/groups
582 * started to use constant time comparison for various password and hash
588 scan requests for active scans for specific configured SSIDs
593 for hidden SSIDs (based on scan_ssid=1)
594 * added generic mechanism for adding vendor elements into frames at
602 * extended freq_list configuration to apply for sched_scan as well as
609 * added experimental support for using temporary, random local MAC
613 * added D-Bus interface for setting/clearing WFD IEs
614 * fixed TDLS AID configuration for VHT
615 * modified -m<conf> configuration file to be used only for the P2P
616 non-netdev management device and do not load this for the default
617 station interface or load the station interface configuration for
620 * started to enable HT (if supported by the driver) for IBSS
627 - BSSID/frequency hint for driver-based BSS selection
632 - allow beacon interval to be configured for IBSS
636 * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
641 scan-for-auth workaround is used
644 support for this
652 - add optional configuration file for the P2P_DEVICE parameters
653 - optimize scan for GO during persistent group invocation
659 * added phase1 network parameter options for disabling TLS v1.1 and v1.2
662 * added support for OCSP stapling to validate AAA server certificate
673 * OSEN network for online signup connection
684 - fixed GAS indication for additional comeback delay with status
692 - enable FT for the connection automatically if the AP advertises
693 support for this
700 - fix X.509 validation of PKCS#1 signature to check for extra data
701 * fixed PTK derivation for CCMP-256 and GCMP-256
702 * added "reattach" command for fast reassociate-back-to-same-BSS
703 * allow PMF to be enabled for AP mode operation with the ieee80211w
716 * fixed OBSS scan result processing for 20/40 MHz co-ex report
733 * added support for using epoll in eloop (CONFIG_ELOOP_EPOLL=y)
745 * added support for simultaneous authentication of equals (SAE) for
752 cache for peer discovery/updates
761 * added support for optional per-device PSK assignment by P2P GO
763 * added P2P_REMOVE_CLIENT for removing a client from P2P groups
766 * added more configuration flexibility for allowed P2P GO/client
769 - VHT configuration for nl80211
770 - MFP (IEEE 802.11w) information for nl80211 command API
780 exact matches; also fixed argument parsing for some cases with
784 * added Session-Id derivation for EAP peer methods
787 * allow AP/Enrollee to be specified with BSSID instead of UUID for
796 limited for all cases instead of just for a specific network block
797 * added support for BSS Transition Management
804 * added support for using OCSP stapling to validate server certificate
807 * added peer restart detection for IBSS RSN
808 * added domain_suffix_match (and domain_suffix_match2 for Phase 2
809 EAP-TLS) to specify additional constraint for the server certificate
811 * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
814 * added global bgscan configuration option as a default for all network
816 * added D-Bus methods for TDLS
832 - do not use results for internal roaming decision
837 for off-channel functionality
842 * added support for using Protected Dual of Public Action frames for
844 * added support for WPS+NFC updates and P2P+NFC
845 - improved protocol for WPS
847 - new IPv4 address assignment for P2P groups (ip_addr_* configuration
849 - option to fetch and report alternative carrier records for external
856 hostap, madwifi (hostap and madwifi remain available for hostapd;
860 * changed AP mode behavior to enable WPS only for open and
871 - added optional delay=<search delay in milliseconds> parameter for
877 * added number of small changes to make it easier for static analyzers
879 * fixed number of small bugs (see git logs for more details)
881 - replace monitor interface with nl80211 commands for AP mode
882 - additional information for driver-based AP SME
885 - fixed KDF for group 21 and zero-padding
886 - added support for fragmentation
888 * avoid excessive Probe Response retries for broadcast Probe Request
895 * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
898 * merged in number of changes from Android repository for P2P, nl80211,
903 for WPS use cases in AP mode
910 * added optional "join" argument for p2p_prov_disc ctrl_iface command
914 * added workarounds for WPS PBC overlap detection for some P2P use cases
927 - longer timeouts for cases where deployed devices have been
929 - more retries for some P2P frames
932 * added support for libnl 3.2 and newer
934 * maintain a list of P2P Clients for persistent group on GO
936 * added optional dev_id parameter for p2p_find
943 * AP: added a WPS workaround for mixed mode AP Settings with Windows 7
951 * added support for WFA Hotspot 2.0
964 * added optional MASK=0xH option for ctrl_iface BSS command to select
966 * added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
974 * added support for advertising immediate availability of a WPS
975 credential for P2P use cases
976 * optimized scan operations for P2P use cases (use single channel scan
977 for a specific SSID when possible)
978 * EAP-TTLS: fixed peer challenge generation for MSCHAPv2
981 * added support for sending debug info to Linux tracing (-T on command
983 * added support for using Deauthentication reason code 3 as an
987 * started using separate TLS library context for tunneled TLS
990 * added optional "auto" parameter for p2p_connect to request automatic
994 * added optional persistent=<network id> parameter for p2p_connect to
995 allow forcing of a specific SSID/passphrase for GO Negotiation
996 * added support for OBSS scan requests and 20/40 BSS coexistence reports
997 * reject PD Request for unknown group
1000 * added initial support for WNM operations
1008 - removed obsoleted WPS_OOB command (including support for deprecated
1010 * added optional framework for external password storage ("ext:<name>")
1011 * wpa_cli: added optional support for controlling wpa_supplicant
1012 remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
1018 * added optional "ht40" argument for P2P ctrl_iface commands to allow
1020 * added optional parameters for p2p_invite command to specify channel
1029 - use OpenSSL function for PKBDF2 passphrase-to-PSK
1035 - a workaround for servers that do not support TLS extensions that
1044 * added support for configuring GCMP cipher for IEEE 802.11ad
1045 * added support for Wi-Fi Display extensions
1051 * optimized scan result use for network selection
1054 available (e.g., after GAS/ANQP round for Interworking)
1055 * added support for 256-bit AES with internal TLS implementation
1056 * allow peer to propose channel in P2P invitation process for a
1067 for the same key
1068 * use deauthentication instead of disassociation for all disconnection
1074 by default for all network blocks
1075 * added a workaround for WPS PBC session overlap detection to avoid
1078 * added basic support for 60 GHz band
1079 * extend EAPOL frames processing workaround for roaming cases
1084 * bsd: Add support for setting HT values in IFM_MMASK.
1088 available with drivers that provide TX status events for Deauth/
1094 * Add support for setting the syslog facility from the config file
1096 * atheros: Add support for IEEE 802.11w configuration.
1105 - Support PMKSA candidate events. This adds support for RSN
1109 - Add a DBus signal for EAP SM requests, emitted on the Interface
1112 - Add signal Certification for information about server certification.
1114 support set/get, which allows for setting BSS cache expiration age
1120 - Emit property changed events (for property BSSs) when adding/
1122 - Treat '' in SSIDs of Interface.Scan as a request for broadcast
1124 - Add DBus getter/setter for FastReauth.
1137 - Add event CTRL-EVENT-ASSOC-REJECT for association rejected.
1139 - Add command sta_autoconnect for disabling automatic reconnection
1144 - Add tdls_testing command to add a special testing feature for
1147 - For interworking, add wpa_cli commands interworking_select,
1150 - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
1159 for CONFIG_READLINE=y.
1168 - Add wpa_cli wps_pin get command for generating random PINs. This can
1173 - Add mechanism for indicating non-standard WPS errors.
1176 - Add wps_ap_pin cli command for wpa_supplicant AP mode.
1177 - Add wps_check_pin cli command for processing PIN from user input.
1186 - Fragment size is now configurable for EAP-WSC peer. Use
1190 - Allow AP to start in Enrollee mode without AP PIN for probing, to
1210 - Allow AP filtering based on IP address, add ctrl_iface event for
1212 * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
1214 for testing protocol extensibility.
1217 - Add support for AuthorizedMACs attribute.
1223 - Allow TDLS to be disabled at runtime (mostly for testing).
1226 - Add a special testing feature for changing TDLS behavior. Use
1229 - Add support for TDLS 802.11z.
1230 * wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
1232 for realtime capturing or from pcap files for offline analysis.
1233 * Interworking: Support added for 802.11u. Enable in .config with
1234 CONFIG_INTERWORKING. See wpa_supplicant.conf for config parameters
1235 for interworking. wpa_cli commands added to support this are
1238 * Android: Add build and runtime support for Android wpa_supplicant.
1241 the list of channels for background scans.
1242 * Add a new debug message level for excessive information. Use
1244 * TLS: Add support for tls_disable_time_checks=1 in client mode.
1246 - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
1248 - Add domainComponent parser for X.509 names.
1253 * Solaris: Add support for wired 802.1X client.
1254 * Wi-Fi Direct support. See README-P2P for more information.
1263 * add option for server certificate matching (SHA256 hash of the
1273 * wpa_cli: added option for using a separate process to receive event
1281 * nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air
1285 * add signal strength change events for bgscan; this allows more
1294 * wpa_gui-qt4: more complete support for translating the GUI with
1296 * fix DH padding with internal crypto code (mainly, for WPS)
1311 * nl80211: added support for IBSS networks
1316 * cleaned up AP mode operations to avoid need for virtual driver_ops
1334 * added support for multiple SSIDs per scan request to optimize
1335 scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden
1338 * added support for WPS USBA out-of-band mechanism with USB Flash
1344 * added better support for drivers that allow separate authentication
1349 standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
1353 block; this can be used for open and WPA2-Personal networks
1358 * added support for WPS External Registrar functionality (configure APs
1364 * driver_nl80211: multiple updates to provide support for new Linux
1369 * added support for NFC out-of-band mechanism with WPS
1372 * added preliminary support for IEEE 802.11r RIC processing
1373 * added support for specifying subset of enabled frequencies to scan
1378 * added a workaround for race condition between receiving the
1386 * added support for Wi-Fi Protected Setup (WPS)
1388 enroll credentials for a network using PIN and PBC methods; in
1394 manage WPS negotiation; see README-WPS for more details
1395 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
1396 * added support for using driver_test over UDP socket
1408 * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
1415 * added an optional mitigation mechanism for certain attacks against
1421 * updated OpenSSL code for EAP-FAST to use an updated version of the
1428 * added support (Linux only) for RoboSwitch chipsets (often found in
1435 * added support for SHA-256 as X.509 certificate digest when using the
1438 * added support for using SHA256-based stronger key derivation for WPA2
1442 * added support for configuring Phase 2 (inner/tunneled) authentication
1446 * added support for EAP Sequences in EAP-FAST Phase 2
1447 * added support for using TNC with EAP-FAST
1448 * added driver_ps3 for the PS3 Linux wireless driver
1449 * added support for optional cryptobinding with PEAPv0
1450 * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
1452 * added fragmentation support for EAP-TNC
1453 * added support for parsing PKCS #8 formatted private keys into the
1457 LibTomMath (for internal TLS implementation) to speed up DH and RSA
1465 previously used for configuring user identity and key for EAP-PSK,
1467 replacement for 'nai' (if old configuration used a separate
1470 replacement for 'eappsk' (it can also be set using hexstring to
1472 * removed '-w' command line parameter (wait for interface to be added,
1477 * added ctrl_iface monitor event (CTRL-EVENT-SCAN-RESULTS) for
1489 * added support for Makefile builds to include debug-log-to-a-file
1493 * added data structure for storing allocated buffers (struct wpabuf);
1497 * added support for protecting EAP-AKA/Identity messages with
1499 * added support for protected result indication with AT_RESULT_IND for
1501 * added driver_wext workaround for race condition between scanning and
1504 using a longer hardcoded timeout for the scan if the driver supports
1505 notifications for scan completion (SIOCGIWSCAN event); this helps,
1511 * added support for privilege separation (run only minimal part of
1513 non-root process); see 'Privilege separation' in README for details;
1518 driver_ops is still supported for backwards compatibility (results
1529 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
1533 * added support for configuring password as NtPasswordHash
1535 * added support for fallback from abbreviated TLS handshake to
1540 * added support for drivers that take care of RSN 4-way handshake
1543 * added an experimental port for Mac OS X (CONFIG_DRIVER_OSX=y in
1553 * fixed a race condition with -W option (wait for a control interface
1556 * added support for processing TNCC-TNCS-Messages to report
1560 * added network configuration parameter 'frequency' for setting
1561 initial channel for IBSS (adhoc) networks
1571 * added support for fragmentation of outer TLS packets during Phase 2
1573 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
1574 * added support for EAP-FAST authentication with inner methods that
1576 for PAC provisioning)
1577 * added support for authenticated EAP-FAST provisioning
1578 * added support for configuring maximum number of EAP-FAST PACs to
1580 * added support for storing EAP-FAST PACs in binary format
1586 added support for EAP-FAST
1591 * updated to use IEEE 802.11w/D2.0 for management frame protection
1595 * added support for EAP-TNC (Trusted Network Connect)
1617 * fixed Windows named pipes ctrl_iface to not stop listening for
1620 * fixed USIM PIN status determination for the case that PIN is not
1623 * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
1626 * added support for matching the subjectAltName of the authentication
1629 * fixed EAP-SIM/AKA key derivation for re-authentication case (only
1637 * added support for building Windows version with UNICODE defined
1642 * driver_ndis: added validation for IELength value in scan results to
1650 * added an alternative control interface backend for Windows targets:
1652 control interface mechanism for Windows builds (previously, UDP to
1654 * changed ctrl_interface configuration for UNIX domain sockets:
1659 - ctrl_interface=/var/run/wpa_supplicant is still supported for the
1661 * added support for controlling more than one interface per process in
1663 * added a workaround for a case where the AP is using unknown address
1664 (e.g., MAC address of the wired interface) as the source address for
1666 destination for EAPOL-Key frames and in key derivation; now, BSSID is
1669 * added a workaround for UDP-based control interface (which was used in
1683 network for enabled (e.g., after 'wpa_cli select_network 0')
1684 * winsvc: added support for configuring ctrl_interface parameters in
1694 * added support for doing MLME (IEEE 802.11 management frame
1699 * driver_ndis: Disable WZC automatically for the selected interface to
1709 * added PeerKey handshake implementation for IEEE 802.11e
1711 * fixed WPA PSK update through ctrl_iface for the case where the old
1714 * added new configuration option for identifying which network block
1719 automatically for the network and that can be used with
1727 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
1729 * added Microsoft Visual Studio 2005 solution and project files for
1730 build wpa_supplicant for Windows (see vs2005 subdirectory)
1736 * driver_ndis: added support for selecting AP based on BSSID
1737 * added new environmental variable for wpa_cli action scripts:
1739 * driver_ndis: added support for using NDISUIO instead of WinPcap for
1748 allowed for backwards compatibility, but it is not required anymore
1758 * driver_ndis: Fixed encryption mode configuration for unencrypted
1766 * config_winreg: added support for saving configuration data into
1768 * added support for controlling network device operational state
1769 (dormant/up) for Linux 2.6.17 to improve DHCP processing (see
1770 http://www.flamewarmaster.de/software/dhcpclient/ for a DHCP client
1772 * driver_wext: added support for WE-21 change to SSID configuration
1773 * driver_wext: fixed privacy configuration for static WEP keys mode
1775 * added an optional driver_ops callback for MLME-SETPROTECTION.request
1777 * added support for EAP-SAKE (no EAP method number allocated yet, so
1779 * added support for dynamically loading EAP methods (.so files) instead
1781 default (see CONFIG_DYNAMIC_EAP_METHODS in defconfig for information
1785 * do not try to use USIM APDUs when initializing PC/SC for SIM card
1786 access for a network that has not enabled EAP-AKA
1787 * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
1788 v0.5.1 due to the new support for expanded EAP types)
1789 * added support for generating EAP Expanded Nak
1793 * added support for receiving EAPOL frames from a Linux bridge
1795 * fixed EAPOL re-authentication for sessions that used PMKSA caching
1803 * driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
1807 * driver_test: added better support for multiple APs and STAs by using
1808 a directory with sockets that include MAC address for each device in
1810 * added support for EAP expanded type (vendor specific EAP methods)
1816 use of this directory for something else than socket files is not
1819 to disable TLS library for normal authentication
1827 * fixed PC/SC initialization for ap_scan != 1 modes (this fixes
1832 * added experimental STAKey handshake implementation for IEEE 802.11e
1846 C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
1847 example makefile for nmake
1848 * added support for using Windows registry for command line parameters
1850 (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
1858 * added better support for multiple control interface backends
1860 * fixed PC/SC code to use correct length for GSM AUTH command buffer
1865 * added new event loop implementation for Windows using
1867 for non-socket objects; this can be selected with
1869 * added support for selecting l2_packet implementation in .config
1872 * added new l2_packet implementation for WinPcap
1876 * added support for EAP-FAST key derivation using other ciphers than
1877 RC4-128-SHA for authentication and AES128-SHA for provisioning
1878 * added support for configuring CA certificate as DER file and as a
1881 support for using PKCS#12 as a blob
1882 * tls_gnutls: added support for using PKCS#12 files; added support for
1884 * added support for loading trusted CA certificates from Windows
1911 for variables as empty network definitions read from config file
1917 * driver_madwifi: added support for madwifi-ng
1923 * use longer timeout for IEEE 802.11 association to avoid problems with
1929 * added support for named configuration blobs in order to avoid having
1930 to use file system for external files (e.g., certificates);
1936 * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
1939 to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
1941 * added support for starting wpa_supplicant without a configuration
1942 file (-C argument must be used to set ctrl_interface parameter for
1946 * added global control interface that can be optionally used for adding
1948 for both wpa_supplicant and wpa_cli) without having to restart
1960 authentication for the most common case of Authenticator starting
1964 * added a workaround for clearing keys with ndiswrapper to allow
1968 * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
1969 PF_PACKET in order to prepare for network devices that do not use
1973 for EAP state machine to allow recovery from dropped EAP-Success
1981 tested with hostapd; removed support for draft 3, including
1986 * driver_wext: add support for WE-19
1987 * added support for multiple configuration backends (CONFIG_BACKEND
1990 * added support for updating configuration ('wpa_cli save_config');
1998 * replaced OpenSSL patch for EAP-FAST support
2003 * added support for using Windows certificate store (through CryptoAPI)
2004 for client certificate and private key operations (EAP-TLS)
2005 (see wpa_supplicant.conf for more information on how to configure
2009 built with the open source version of the Qt4 for Windows
2013 * added support for enabling/disabling networks from the list of all
2016 * added support for adding and removing network from the current
2020 for the new network; note: configuration file is not yet updated, so
2022 * added support for setting network configuration parameters through
2023 the control interface, for example:
2027 * added EAP workaround for PEAP session resumption: allow outer,
2030 (this was allowed for PEAPv1 before, but now it is also allowed for
2032 doing this for PEAPv0, too)
2033 * wpa_gui: added preliminary support for adding new networks to the
2038 * removed interface for external EAPOL/EAP supplicant (e.g.,
2050 * added support for using ap_scan=2 mode with multiple network blocks;
2052 driver reports a successful association; this uses the same order for
2057 * added support for matching alternative subject name extensions of the
2060 * driver_ndis: added support for IEEE 802.1X authentication with wired
2062 * added support for querying private key password (EAP-TLS) through the
2070 * added support for using password with EAP-PAX (as an alternative to
2073 * added support for arbitrary driver interface parameters through the
2078 specific TX/RX functions for EAPOL frames
2079 * fixed ctrl_interface_group processing for the case where gid is
2081 * driver_test: added support for testing hostapd with wpa_supplicant
2089 * driver_madwifi: added preliminary support for compiling against 'BSD'
2091 * added support for EAP-MSCHAPv2 password retries within the same EAP
2093 * added support for password changes with EAP-MSCHAPv2 (used when the
2095 * added support for reading additional certificates from PKCS#12 files
2106 * added 'disconnect' command to control interface for setting
2109 * added support for selecting a network from the list of all configured
2112 * added support for getting scan results through control interface
2113 * added EAP workaround for PEAPv1 session resumption: allow outer,
2124 * added support for wired authentication (IEEE 802.1X on wired
2128 (calls to set_wpa() are still present for backwards compatibility,
2134 * added support for sending TLS alerts
2135 * added support for 'any' SSID wildcard; if ssid is not configured or
2136 is set to an empty string, any SSID will be accepted for non-WPA AP
2137 * added support for asking PIN (for SIM) from frontends (e.g.,
2141 * added support for using external devices (e.g., a smartcard) for
2146 * added experimental support for EAP-PAX
2147 * added monitor mode for wpa_cli (-a<path to a program to run>) that
2155 * added support for opportunistic WPA2 PMKSA key caching (disabled by
2157 * fixed RSN IE in 4-Way Handshake message 2/4 for the case where
2160 * added -P<pid file> argument for wpa_supplicant to write the current
2171 * fixed reprocessing of pending request after ctrl_iface requests for
2173 * fixed ctrl_iface requests for identity/password/otp in Phase 2 of
2182 * fixed a busy loop introduced in v0.3.5 for scan result processing
2186 * added a workaround for an interoperability issue with a Cisco AP
2193 * fixed EAP workaround and fast reauthentication configuration for
2197 * added support for blacklisting APs that fail or timeout
2207 * added preliminary support for IBSS (ad-hoc) mode configuration
2210 key management; see wpa_supplicant.conf for more details and an
2212 only for driver_hostapd.c, but the changes should be trivial to add
2213 in associate() handler for other drivers, too (assuming the driver
2215 * added preliminary port for native Windows (i.e., no cygwin) using
2219 * added optional support for GNU Readline and History Libraries for
2223 EAP-Failure but waiting for timeout
2224 * added couple of workarounds for interoperability issues with a
2226 * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
2227 Note: This requires a patch for openssl to add support for TLS
2228 extensions and number of workarounds for operations without
2233 * fixed private key loading for cases where passphrase is not set
2236 * added support for PMKSA caching with drivers that generate RSN IEs
2239 ndiswrapper gets full support for RSN PMKSA caching
2242 * driver_ndis: added support for NDIS NdisMIncidateStatus() events
2246 * added support for driver interfaces to replace the interface name
2250 * added support for CR+LF (Windows-style) line ends in configuration
2259 * added support for driver events to add PMKID candidates in order to
2262 function so that this will not be set for plaintext connections
2266 * fixed static WEP key configuration to use broadcast/default type for
2269 * driver_ndis: added legacy WPA capability detection for non-WPA2
2271 * added support for setting static WEP keys for IEEE 802.1X without
2275 * added support for reading PKCS#12 (PFX) files (as a replacement for
2278 * added new ap_scan mode, ap_scan=2, for drivers that take care of
2284 policy (i.e., only one option in the lists) for key_mgmt, pairwise,
2286 * added experimental port of wpa_supplicant for Windows
2295 easier for drivers to configure authentication algorithm as part of
2299 * driver_broadcom: added new driver interface for Broadcom wl.o driver
2300 (a generic driver for Broadcom IEEE 802.11a/g cards)
2306 * PEAPv1: added support for terminating PEAP authentication on tunneled
2312 the old label for key derivation; previously, the default was 1,
2315 * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
2317 * added support for configuring list of allowed Phase 2 EAP types
2318 (for both EAP-PEAP and EAP-TTLS) instead of only one type
2319 * added support for configuring IEEE 802.11 authentication algorithm
2320 (auth_alg; mainly for using Shared Key authentication with static
2322 * added support for EAP-AKA (with UMTS SIM)
2324 random-looking errors for EAP-SIM
2325 * added support for EAP-SIM pseudonyms and fast re-authentication
2326 * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
2328 * added support for EAP-SIM with two challenges
2330 * added support for configuring DH/DSA parameters for an ephemeral DH
2332 dh_file and dh_file2 (phase 2); this adds support for using DSA keys
2334 * added support for matching subject of the authentication server
2338 interfaces) to use ssid_len+1 as the length for SSID since some Linux
2342 * added driver interface for Intel ipw2100 driver
2343 * added support for LEAP with WPA
2344 * added support for larger scan results report (old limit was 4 kB of
2348 only if there is a PMKSA cache entry for the current AP
2349 * fixed error handling for case where reading of scan results fails:
2355 * added support for timestamping debug log messages (disabled by
2357 * set pairwise/group cipher suite for non-WPA IEEE 802.1X to WEP-104
2363 handshake for ndiswrapper & NDIS driver which seems to be suffering
2373 * added support for controlling multiple interfaces (radios) per
2377 * added a workaround for EAP servers that incorrectly use same Id for
2388 * added support for FreeBSD and driver interface for the BSD net80211
2397 * driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the
2398 AP is using non-zero key index for the unicast key and key index zero
2399 for the broadcast key
2405 currently, this can be used only for non-WPA IEEE 802.1X mode, but
2407 Linux wireless extensions get support for this
2408 * added support for mode in which the driver is responsible for AP
2416 * added support for new EAP authentication methods:
2418 * added support for asking one-time-passwords from frontends (e.g.,
2420 but the password is used only once and the frontend will be asked for
2431 * changed control frontends to use a new directory for socket files to
2432 make it easier for wpa_cli to automatically select between interfaces
2433 and to provide access control for the control interface;
2442 * added support for LEAP
2443 * added driver interface for Linux ndiswrapper
2444 * added priority option for network blocks in the configuration file;
2446 results are searched for matches with network blocks in this order)
2450 * fixed control interface socket removal for some error cases
2452 * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
2455 (mostly for testing; by default, the highest version supported by
2458 * added support for madwifi driver (Atheros ar521x)
2459 * added a workaround for cases where AP sets Install Tx/Rx bit for
2461 the Group Key would be used for Tx and the AP would drop frames
2463 * added GSM SIM/USIM interface for GSM authentication algorithm for
2465 * added support for ATMEL AT76C5XXx driver
2469 * added support for using plaintext and static WEP networks
2473 * added support for new EAP authentication methods:
2487 * added support for anonymous identity (to be used when identity is
2491 * added support for requesting identity and password information using
2492 control interface; in other words, the password for EAP-PEAP or
2500 * use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant
2503 anyway for TLS)
2508 * added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1)
2510 - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1]
2526 be edited for this (uncomment lines for selected functionality)
2529 * added support for non-WPA IEEE 802.1X mode with dynamic WEP keys
2532 * added support for IEEE 802.11i/RSN (WPA2)
2539 * added interface for external programs (frontends) to control
2545 - .config file for make