|
@@ -200,7 +200,7 @@ fast_reauth=1
|
|
|
#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
|
|
#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
|
|
|
|
|
|
|
|
# Driver interface parameters
|
|
# Driver interface parameters
|
|
|
-# This field can be used to configure arbitrary driver interace parameters. The
|
|
|
|
|
|
|
+# This field can be used to configure arbitrary driver interface parameters. The
|
|
|
# format is specific to the selected driver interface. This field is not used
|
|
# format is specific to the selected driver interface. This field is not used
|
|
|
# in most cases.
|
|
# in most cases.
|
|
|
#driver_param="field=value"
|
|
#driver_param="field=value"
|
|
@@ -918,7 +918,7 @@ fast_reauth=1
|
|
|
#
|
|
#
|
|
|
# Following fields are only used with internal EAP implementation.
|
|
# Following fields are only used with internal EAP implementation.
|
|
|
# eap: space-separated list of accepted EAP methods
|
|
# eap: space-separated list of accepted EAP methods
|
|
|
-# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
|
|
|
|
|
|
+# MD5 = EAP-MD5 (insecure and does not generate keying material ->
|
|
|
# cannot be used with WPA; to be used as a Phase 2 method
|
|
# cannot be used with WPA; to be used as a Phase 2 method
|
|
|
# with EAP-PEAP or EAP-TTLS)
|
|
# with EAP-PEAP or EAP-TTLS)
|
|
|
# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
|
|
# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
|
|
@@ -1009,23 +1009,23 @@ fast_reauth=1
|
|
|
# automatically converted into DH params.
|
|
# automatically converted into DH params.
|
|
|
# subject_match: Substring to be matched against the subject of the
|
|
# subject_match: Substring to be matched against the subject of the
|
|
|
# authentication server certificate. If this string is set, the server
|
|
# authentication server certificate. If this string is set, the server
|
|
|
-# sertificate is only accepted if it contains this string in the subject.
|
|
|
|
|
|
|
+# certificate is only accepted if it contains this string in the subject.
|
|
|
# The subject string is in following format:
|
|
# The subject string is in following format:
|
|
|
# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
|
|
# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
|
|
|
-# Note: Since this is a substring match, this cannot be used securily to
|
|
|
|
|
|
|
+# Note: Since this is a substring match, this cannot be used securely to
|
|
|
# do a suffix match against a possible domain name in the CN entry. For
|
|
# do a suffix match against a possible domain name in the CN entry. For
|
|
|
# such a use case, domain_suffix_match or domain_match should be used
|
|
# such a use case, domain_suffix_match or domain_match should be used
|
|
|
# instead.
|
|
# instead.
|
|
|
# altsubject_match: Semicolon separated string of entries to be matched against
|
|
# altsubject_match: Semicolon separated string of entries to be matched against
|
|
|
# the alternative subject name of the authentication server certificate.
|
|
# the alternative subject name of the authentication server certificate.
|
|
|
-# If this string is set, the server sertificate is only accepted if it
|
|
|
|
|
|
|
+# If this string is set, the server certificate is only accepted if it
|
|
|
# contains one of the entries in an alternative subject name extension.
|
|
# contains one of the entries in an alternative subject name extension.
|
|
|
# altSubjectName string is in following format: TYPE:VALUE
|
|
# altSubjectName string is in following format: TYPE:VALUE
|
|
|
# Example: EMAIL:server@example.com
|
|
# Example: EMAIL:server@example.com
|
|
|
# Example: DNS:server.example.com;DNS:server2.example.com
|
|
# Example: DNS:server.example.com;DNS:server2.example.com
|
|
|
# Following types are supported: EMAIL, DNS, URI
|
|
# Following types are supported: EMAIL, DNS, URI
|
|
|
# domain_suffix_match: Constraint for server domain name. If set, this FQDN is
|
|
# domain_suffix_match: Constraint for server domain name. If set, this FQDN is
|
|
|
-# used as a suffix match requirement for the AAAserver certificate in
|
|
|
|
|
|
|
+# used as a suffix match requirement for the AAA server certificate in
|
|
|
# SubjectAltName dNSName element(s). If a matching dNSName is found, this
|
|
# SubjectAltName dNSName element(s). If a matching dNSName is found, this
|
|
|
# constraint is met. If no dNSName values are present, this constraint is
|
|
# constraint is met. If no dNSName values are present, this constraint is
|
|
|
# matched against SubjectName CN using same suffix match comparison.
|
|
# matched against SubjectName CN using same suffix match comparison.
|
|
@@ -1278,13 +1278,13 @@ fast_reauth=1
|
|
|
##### Fast Session Transfer (FST) support #####################################
|
|
##### Fast Session Transfer (FST) support #####################################
|
|
|
#
|
|
#
|
|
|
# The options in this section are only available when the build configuration
|
|
# The options in this section are only available when the build configuration
|
|
|
-# option CONFIG_FST is set while compiling hostapd. They allow this interface
|
|
|
|
|
-# to be a part of FST setup.
|
|
|
|
|
|
|
+# option CONFIG_FST is set while compiling wpa_supplicant. They allow this
|
|
|
|
|
+# interface to be a part of FST setup.
|
|
|
#
|
|
#
|
|
|
# FST is the transfer of a session from a channel to another channel, in the
|
|
# FST is the transfer of a session from a channel to another channel, in the
|
|
|
# same or different frequency bands.
|
|
# same or different frequency bands.
|
|
|
#
|
|
#
|
|
|
-# For detals, see IEEE Std 802.11ad-2012.
|
|
|
|
|
|
|
+# For details, see IEEE Std 802.11ad-2012.
|
|
|
|
|
|
|
|
# Identifier of an FST Group the interface belongs to.
|
|
# Identifier of an FST Group the interface belongs to.
|
|
|
#fst_group_id=bond0
|
|
#fst_group_id=bond0
|
Jouni Malinen