diff --git a/www/Makefile b/www/Makefile deleted file mode 100644 index 68fdce264..000000000 --- a/www/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -all: versions.png - -%.png: %.fig - fig2dev -Lpng -s5.1 -S4 -m2 $< | \ - pngtopnm | \ - pnmscale -xscale 0.5 -yscale 0.5 | \ - pnmtopng > $@ - -%.fig: %.dot - dot $< -Tfig -o $@ - -clean: - rm versions.png versions.fig diff --git a/www/cvs.html b/www/cvs.html deleted file mode 100644 index d34d99591..000000000 --- a/www/cvs.html +++ /dev/null @@ -1,70 +0,0 @@ - - -
--Project source code and related files are maintained in a version -control system. The first version up to and including 0.5.x were -maintained in a CVS repository. Starting from 0.6.x, repositories -moved to using GIT. In addition, Host AP driver is now maintained with -the rest of the Linux kernel tree (which is also using GIT). -
- -Using git protocol: git://w1.fi/srv/git/hostap.git
- -Using HTTP (if git protocol is firewalled): http://w1.fi/hostap.git
- -(e.g., to get a clone of the repository you can use git with
-"git clone git://w1.fi/srv/git/hostap.git
").
WWW interface (gitweb) to the repository: -http://w1.fi/gitweb/gitweb.cgi
- - - --Anonymous read-only CVS access to the Host AP driver, hostapd, and -wpa_supplicant CVS repository is available using CVS pserver: -
- -export CVSROOT=":pserver:anonymous@hostap.epitest.fi:/cvs"
cvs login
Password is empty, so just hit enter when prompted for a password.
- -After you have logged in once, you can checkout the source:
- -cvs checkout hostap
-If you want to compress the stream to save bandwidth, you can add -z3
-option to the command (cvs -z3 checkout hostap
).
-
-Also other CVS commands like update
and log
can
-be used.
-
hostapd is a user space daemon for access point and authentication -servers. It implements IEEE 802.11 access point management, IEEE -802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and -RADIUS authentication server. The current version supports Linux (Host -AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
- -hostapd is designed to be a "daemon" program that runs in the -background and acts as the backend component controlling -authentication. hostapd supports separate frontend programs and an -example text-based frontend, hostapd_cli, is included with -hostapd.
- -Following methods are also supported, but since they do not generate keying -material, they cannot be used with WPA or IEEE 802.1X WEP keying.
- -More information about EAP methods and interoperability testing is -available in eap_testing.txt.
- - -
-hostapd
-Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
-and contributors.
-
-This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License version 2 as -published by the Free Software Foundation. See -COPYING -for more details. -
- -Alternatively, this software may be distributed, used, and modified -under the terms of BSD license. See README -for more details.
- --Please see -README -for the current documentation.
- - -The original security mechanism of IEEE 802.11 standard was not -designed to be strong and has proven to be insufficient for most -networks that require some kind of security. Task group I (Security) -of IEEE 802.11 working group -has worked to address the flaws of the base standard and in -practice completed its work in May 2004. The IEEE 802.11i amendment to -the IEEE 802.11 standard was approved in June 2004 and published in -July 2004.
- -Wi-Fi Alliance used a draft -version of the IEEE 802.11i work (draft 3.0) to define a subset of the -security enhancements that can be implemented with existing wlan -hardware. This is called Wi-Fi Protected Access (WPA). This has -now become a mandatory component of interoperability testing and -certification done by Wi-Fi Alliance. Wi-Fi has -information -about WPA at its web site.
- -IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm -for protecting wireless networks. WEP uses RC4 with 40-bit keys, -24-bit initialization vector (IV), and CRC32 to protect against packet -forgery. All these choices have proven to be insufficient: key space is -too small against current attacks, RC4 key scheduling is insufficient -(beginning of the pseudorandom stream should be skipped), IV space is -too small and IV reuse makes attacks easier, there is no replay -protection, and non-keyed authentication does not protect against bit -flipping packet data.
- -WPA is an intermediate solution for the security issues. It uses -Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a -compromise on strong security and possibility to use existing -hardware. It still uses RC4 for the encryption like WEP, but with -per-packet RC4 keys. In addition, it implements replay protection, -keyed packet authentication mechanism (Michael MIC).
- -Keys can be managed using two different mechanisms. WPA can either use -an external authentication server (e.g., RADIUS) and EAP just like -IEEE 802.1X is using or pre-shared keys without need for additional -servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal", -respectively. Both mechanisms will generate a master session key for -the Authenticator (AP) and Supplicant (client station).
- -WPA implements a new key handshake (4-Way Handshake and Group Key -Handshake) for generating and exchanging data encryption keys between -the Authenticator and Supplicant. This handshake is also used to -verify that both Authenticator and Supplicant know the master session -key. These handshakes are identical regardless of the selected key -management mechanism (only the method for generating master session -key changes).
- - -The design for parts of IEEE 802.11i that were not included in WPA -has finished (May 2004) and this amendment to IEEE 802.11 was approved -in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new -version of WPA called WPA2. This included, e.g., support for more -robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC) -to replace TKIP, optimizations for handoff (reduced number of messages -in initial key handshake, pre-authentication, and PMKSA caching).
- -hostapd is configured using a text file that lists all the configuration -parameters. See an example configuration file, -hostapd.conf, -for detailed information about the configuration format and supported -fields.
- --Any comments, reports on success/failure, ideas for further -improvement, feature requests, etc. are welcome at j@w1.fi. -Please note, that I often receive more email than I have time to answer. -Unfortunately, some messages may not get a reply, but I'll try to go -through my mail whenever time permits. -
- --Host AP mailing list can also be used for topics related to -hostapd. Since this list has a broader audience, your likelihood of -getting responses is higher. This list is recommended for general -questions about hostapd and its development. In addition, I -will send release notes to it whenever a new version is available. -
- --The mailing list information and web archive is at http://lists.shmoo.com/mailman/listinfo/hostap. -Messages to hostap@shmoo.com will be delivered to the -subscribers. Please note, that due to large number of spam and virus -messages sent to the list address, the list is configured to accept -messages only from subscribed addresses. Messages from unsubscribed addresses -may be accepted manually, but their delivery will be delayed. -
- --If you want to make sure your bug report of feature request does not -get lost, please report it through the bug tracking system as -a new -bug/feature request. -
- -This project includes three main components:
--Host AP is a Linux driver for wireless LAN cards based on Intersil's -Prism2/2.5/3 chipset. The driver supports a so called Host AP mode, i.e., it -takes care of IEEE 802.11 management functions in the host computer -and acts as an access point. This does not require any special -firmware for the wireless LAN card. In addition to this, it has -support for normal station operations in BSS and possible also in -IBSS. WPA and RSN (WPA2) is supported when used with accompanied tools, -wpa_supplicant (WPA/RSN Supplicant) and hostapd (WPA/RSN Authenticator). All -these programs have been designed for both desktop/laptop computers and -embedded systems. -
- --Intersil's station firmware for Prism2 chipset supports a so called -Host AP mode in which the firmware takes care of time critical tasks -like beacon sending and frame acknowledging, but leaves other -management tasks to host computer driver. This driver implements basic -functionality needed to initialize and configure Prism2-based cards, -to send and receive frames, and to gather statistics. In addition, it -includes an implementation of following IEEE 802.11 functions: -authentication (and deauthentication), association (reassociation, and -disassociation), data transmission between two wireless stations, -power saving (PS) mode signaling and frame buffering for PS -stations. The driver has also various features for development -debugging and for researching IEEE 802.11 environments like access to -hardware configuration records, I/O registers, and frames with 802.11 -headers. -
- --When used with a user space daemon, the combination of the Host AP -driver and hostapd daemon includes additional features. These include -support for IEEE 802.1X and dynamic WEP rekeying, RADIUS Accounting, -RADIUS-based ACL for IEEE 802.11 authentication, minimal IAPP (IEEE -802.11f), WPA, IEEE 802.11i/RSN/WPA2. -
- --Linux -Wireless LAN Howto has some useful information about wireless LAN support -in Linux. In addition, it includes information about which cards are -Prism2-based (and can thus be used in Host AP mode). -
- -More information is available on wpa_supplicant's own page.
- -Supported WPA/IEEE 802.11i features:
-Supported drivers:
-More information is available on hostapd's own page.
- -Supported WPA/IEEE 802.11i features:
-Supported drivers:
-
-Host AP driver
-Copyright (c) 2001-2002, SSH Communications Security Corp and
-Jouni Malinen.
-Copyright (c) 2002-2007, Jouni Malinen and contributors.
-
-Author: Jouni Malinen <j@w1.fi>
-
-Host AP utils
-Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
-and contributors.
-
-hostapd
-Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
-and contributors.
-
-wpa_supplicant
-Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
-and contributors.
-
-This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License version 2 as -published by the Free Software Foundation. See -COPYING -for more details. hostapd and wpa_supplicant are alternatively -available under BSD license. -
- - --Please see -README -for updated documentation of the driver. -Please also check FAQ before sending problem reports. -
- - --Note! -Host AP driver was added into the main kernel tree in Linux -v2.6.14. The version in the kernel tree should be used instead of this -external hostap-driver package. The external releases are only for -older kernel versions and all the future development will be in the -main kernel tree. -
- - --Please, note that you will need quite recent version of Wireless Tools -to use some features of the Host AP driver. Using the -latest -version of the tools is recommended. Some features might also require latest beta version. -
- --Any comments, reports on success/failure, ideas for further -improvement, feature requests, etc. are welcome at j@w1.fi. -Please note, that I often receive more email than I have time to answer. -Unfortunately, some messages may not get a reply, but I'll try to go -through my mail whenever time permits. -
- --There is also a mailing list for Host AP related messages. -Since this list has a broader audience, your likelihood of getting -responses is higher. This list is recommended for general questions -about Host AP driver and its development. In addition, I will send -release notes to it whenever a new version is available. -
- --The mailing list information and web archive is at http://lists.shmoo.com/mailman/listinfo/hostap. -Messages to hostap@shmoo.com will be delivered to the -subscribers. Please note, that due to large number of spam and virus -messages sent to the list address, the list is configured to accept -messages only from subscribed addresses. Messages from unsubscribed addresses -may be accepted manually, but their delivery will be delayed. -
- --If you want to make sure your bug report of feature request does not -get lost, please report it through the bug tracking system as -a new bug/feature request. -
- --Here are some miscellaneous links to pages related to Host AP mode, -driver, etc. Please send any corrections or additions to Jouni Malinen (j@w1.fi). -
- - -- -Host AP driver / -wpa_supplicant / -hostapd releases - -
- -
-
-
-
-
TODO
- -wpa_supplicant supports large range of security -modes and authentication types. Just looking at the reference -information of available configuration options may not provide enough -high level understanding to select which options are needed. This page -provides information about configuring wpa_supplicant and a wizard for -generating example configuration files to make it easier to understand -different security policies and how they should be configured for -wpa_supplicant.
- -The wizard goes through steps to select suitable options based on -your input. An example configuration file is updated at each -step. This example can be seen at the bottom of this page.
- -wpa_supplicant can be used with multiple operating systems and -network drivers. Most of the configuration parameters do not depend on -this, but some of the parameters may need to be changed based on -OS/driver capabilities.
- - - - - - --Wireless networks have a "network name" (SSID = Service Set -Identifier). This is a sequence of up to 32 characters. This name is -used to select which access points (AP) can be used and as such, it -must match with the SSID configured for the desired AP. -
- --Some APs allow SSIDs to be "hidden" which requires that the client is -specifically searching for the configured to SSID to be able to -connect. This may require some additional options in wpa_supplicant -configuration, so enable those here by checking "hidden SSID" if your -AP is configured to hide the SSID. This may show up as "brodcast SSID -disabled" or "hidden SSID" or something similar in the AP -configuration. Hidden SSID configuration does not prevent -wpa_supplicant from connecting to APs that do not hide SSID, so it can -be enabled for all cases. -
- - - - -TODO: write explanation for different modes
- - - - - - -TODO: different group cipher for WPA/WPA2
- - - - - - --Static WEP keys requires that at least one key is configured. Up to -four keys can be configured and one of them needs to be selected to be -used for transmitted frames. All configured keys can be used when -decrypting received frames. -
- --WEP can be used with different key length. In most cases, either -40-bit or 104-bit keys are used. These key lengths may also be shown -as 64-bit and 128-bit in some cases since WEP adds 24-bit -initialization vector into the keys. 40-bit keys can be entered as -five character string surrounded with double quotation marks, e.g., -"abcde". Alternatively, they can be entered as a hex string of ten -characters without quotation marks, e.g., 6162636465. Both of these -options configure the same key. 104-bit keys are entered similarly, -with 13-character text string or 26-character hex string. -
- --wpa_supplicant uses indexes 0 .. 3 for the WEP keys. Some other user -interfaces may use indexes 1 .. 4, so this needs to be taken into -account when determining which index to use here. -
- - --Passphrase (string of 8 to 63 characters) needs to be configured for -WPA/WPA2-Personal. This passphrase is then converted into a 256-bit -pre-shared key (PSK). Alternatively, a 256-bit PSK can be entered as -64-character hex string into the PSK field. Only one of these options -should be used. -
- -TODO: write introduction text for each EAP method
- --This configuration file can be copied to a text file that -wpa_supplicant will then be asked to use with -c<full path to -configuration file> command line option. -
- -Note: Invalid PSK
"; - t.style.visibility = "visible"; - } else if (psk.length == 0 && passphrase.length && - (passphrase.length < 8 || passphrase.length > 63)) { - t.innerHTML = "Note: Invalid passphrase
"; - t.style.visibility = "visible"; - } else { - t.innerHTML = ""; - t.style.visibility = "hidden"; - } - - if (psk.length) { - document.cred_psk_form.passphrase.disabled = true; - document.cred_psk_form.psk.disabled = false; - } else if (passphrase.length) { - document.cred_psk_form.passphrase.disabled = false; - document.cred_psk_form.psk.disabled = true; - } else { - document.cred_psk_form.passphrase.disabled = false; - document.cred_psk_form.psk.disabled = false; - } - - update_conf(); -} - - -function is_hex(s) -{ - if (s.length % 2) - return false; - - for (i = 0; i < s.length; i++) { - if (s[i] >= 'a' && s[i] <= 'f') - continue; - if (s[i] >= 'A' && s[i] <= 'F') - continue; - if (s[i] >= '0' && s[i] <= '9') - continue; - return false; - } - - return true; -} - - -function valid_wep_key(key) -{ - if (key.length == 0) - return true; - - if (key[0] == '"') { - if (key[key.length - 1] != '"') - return false; - return (key.length == 5 + 2 || key.length == 13 + 2 || - key.length == 16 + 2); - } - - return (is_hex(key) && - (key.length == 10 || key.length == 26 || key.length == 32)); -} - - -function configure_wep() -{ - var t = document.getElementById("cred_desc"); - var txt = ""; - var wep; - - wep = document.cred_wep_form.wep0.value; - if (!valid_wep_key(wep)) - txt += "Note: Invalid WEP key: " + wep + "
\n"; - wep = document.cred_wep_form.wep1.value; - if (!valid_wep_key(wep)) - txt += "Note: Invalid WEP key: " + wep + "
\n"; - wep = document.cred_wep_form.wep2.value; - if (!valid_wep_key(wep)) - txt += "Note: Invalid WEP key: " + wep + "
\n"; - wep = document.cred_wep_form.wep3.value; - if (!valid_wep_key(wep)) - txt += "Note: Invalid WEP key: " + wep + "
\n"; - - if (txt.length) { - t.innerHTML = txt; - t.style.visibility = "visible"; - } else if (t.style.visibility != "hidden") - t.style.visibility = "hidden"; - - update_conf(); -} - - -function update_eap() -{ - var eap = document.cred_eap_form.eap.value; - var n = 0; - - if (eap == "PEAP" || eap == "TTLS" || eap == "FAST") { - document.cred_eap_form.phase2[n++] = new Option("EAP-MSCHAPv2", "MSCHAPV2"); - document.cred_eap_form.phase2.selectedIndex = n - 1; - if (eap != "FAST") { - document.cred_eap_form.phase2[n++] = new Option("EAP-GTC", "GTC"); - document.cred_eap_form.phase2[n++] = new Option("EAP-MD5", "MD5"); - document.cred_eap_form.phase2[n++] = new Option("EAP-TLS", "TLS"); - document.cred_eap_form.phase2[n++] = new Option("EAP-OTP", "OTP"); - } - if (eap == "TTLS") { - document.cred_eap_form.phase2[n++] = new Option("MSCHAPv2", "_MSCHAPV2"); - document.cred_eap_form.phase2.selectedIndex = n - 1; - document.cred_eap_form.phase2[n++] = new Option("MSCHAP", "_MSCHAP"); - document.cred_eap_form.phase2[n++] = new Option("PAP", "_PAP"); - document.cred_eap_form.phase2[n++] = new Option("CHAP", "_CHAP"); - } - document.cred_eap_form.phase2.disabled = false; - } else { - document.cred_eap_form.phase2.disabled = true; - } - - for (i = 20; i >= n; i--) - document.cred_eap_form.phase2[i] = null; - - update_eap2(); -} - - -function update_eap2() -{ - var eap = document.cred_eap_form.eap.value; - var password = false; - var ca_cert = false; - var user_cert = false; - - if (eap == "PEAP" || eap == "TTLS") { - ca_cert = true; - if (document.cred_eap_form.phase2.value == "TLS") - user_cert = true; - else - password = true; - } else if (eap == "FAST") { - password = true; - } else if (eap == "GTC") { - password = true; - } else if (eap == "LEAP" || eap == "MD5" || eap == "MSCHAPV2") { - password = true; - } else if (eap == "TLS") { - ca_cert = true; - user_cert = true; - } - - if (eap == "TTLS") { - document.cred_eap_form.anon_identity.disabled = false; - 
document.cred_eap_form.anon_identity.value = "anonymous"; - } else if (eap == "FAST") { - document.cred_eap_form.anon_identity.disabled = false; - document.cred_eap_form.anon_identity.value = "FAST-000000000000"; - } else { - document.cred_eap_form.anon_identity.disabled = true; - } - document.cred_eap_form.password.disabled = !password; - if (ca_cert) { - document.cred_eap_form.ca_cert.disabled = false; - if (document.cred_eap_form.ca_cert.value.length == 0) - document.cred_eap_form.ca_cert.value = "/etc/ca.pem"; - } else { - document.cred_eap_form.ca_cert.disabled = true; - } - document.cred_eap_form.client_cert.disabled = !user_cert; - document.cred_eap_form.private_key.disabled = !user_cert; - document.cred_eap_form.private_key_passwd.disabled = !user_cert; - - if (eap == "FAST") { - document.cred_eap_form.pac_file.disabled = false; - if (document.cred_eap_form.pac_file.value.length == 0) - document.cred_eap_form.pac_file.value = "/etc/fast.pac"; - } else { - document.cred_eap_form.pac_file.disabled = true; - } - - configure_eap(); -} - - -function configure_eap() -{ - update_conf(); -} - - -function update_conf() -{ - var t = document.getElementById("exampleconf"); - var txt = ""; - var indent = " "; - var ap_scan = conf_ap_scan; - var drv = document.os_driver.driver.value; - - update_cred(); - - if (document.network.hidden_ssid.checked && ap_scan == 1 && - drv != "hostap" && drv != "madwifi") { - /* if the selected driver does not support scan_ssid, must use - * ap_scan=2 mode with hidden SSIDs */ - txt += "# this driver requires ap_scan=2 mode when using hidden SSIDsTODO
- -TODO
- -TODO
- - - -wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and -Windows with -support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both -desktop/laptop computers and embedded systems. Supplicant is the IEEE -802.1X/WPA component that is used in the client stations. It -implements key negotiation with a WPA Authenticator and it controls -the roaming and IEEE 802.11 authentication/association of the wlan -driver.
- -wpa_supplicant is designed to be a "daemon" program that runs in the -background and acts as the backend component controlling the wireless -connection. wpa_supplicant supports separate frontend programs and a -text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with -wpa_supplicant.
- -wpa_supplicant uses a flexible build configuration that can be used -to select which features are included. This allows minimal code size -(from ca. 50 kB binary for WPA/WPA2-Personal and 130 kB binary for -WPA/WPA2-Enterprise without debugging code to 450 kB with most -features and full debugging support; these example sizes are from a -build for x86 target).
- - -Following methods are also supported, but since they do not generate keying -material, they cannot be used with WPA or IEEE 802.1X WEP keying.
- -More information about EAP methods and interoperability testing is -available in eap_testing.txt.
- - -wpa_supplicant was designed to be portable for different drivers and -operating systems. Hopefully, support for more wlan cards and OSes will be -added in the future. See developers' documentation -for more information about the design of wpa_supplicant and porting to -other drivers.
- -
-wpa_supplicant
-Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
-and contributors.
-
-This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License version 2 as -published by the Free Software Foundation. See -COPYING -for more details. -
- -Alternatively, this software may be distributed, used, and modified -under the terms of BSD license. See README -for more details.
- -
-Please see
-README
-for the current documentation.
-README-Windows.txt
-has some more information about the Windows port of wpa_supplicant.
The original security mechanism of IEEE 802.11 standard was not -designed to be strong and has proven to be insufficient for most -networks that require some kind of security. Task group I (Security) -of IEEE 802.11 working group -has worked to address the flaws of the base standard and in -practice completed its work in May 2004. The IEEE 802.11i amendment to -the IEEE 802.11 standard was approved in June 2004 and published in -July 2004.
- -Wi-Fi Alliance used a draft -version of the IEEE 802.11i work (draft 3.0) to define a subset of the -security enhancements that can be implemented with existing wlan -hardware. This is called Wi-Fi Protected Access (WPA). This has -now become a mandatory component of interoperability testing and -certification done by Wi-Fi Alliance. Wi-Fi has -information -about WPA at its web site.
- -IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm -for protecting wireless networks. WEP uses RC4 with 40-bit keys, -24-bit initialization vector (IV), and CRC32 to protect against packet -forgery. All these choices have proven to be insufficient: key space is -too small against current attacks, RC4 key scheduling is insufficient -(beginning of the pseudorandom stream should be skipped), IV space is -too small and IV reuse makes attacks easier, there is no replay -protection, and non-keyed authentication does not protect against bit -flipping packet data.
- -WPA is an intermediate solution for the security issues. It uses -Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a -compromise on strong security and possibility to use existing -hardware. It still uses RC4 for the encryption like WEP, but with -per-packet RC4 keys. In addition, it implements replay protection, -keyed packet authentication mechanism (Michael MIC).
- -Keys can be managed using two different mechanisms. WPA can either use -an external authentication server (e.g., RADIUS) and EAP just like -IEEE 802.1X is using or pre-shared keys without need for additional -servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal", -respectively. Both mechanisms will generate a master session key for -the Authenticator (AP) and Supplicant (client station).
- -WPA implements a new key handshake (4-Way Handshake and Group Key -Handshake) for generating and exchanging data encryption keys between -the Authenticator and Supplicant. This handshake is also used to -verify that both Authenticator and Supplicant know the master session -key. These handshakes are identical regardless of the selected key -management mechanism (only the method for generating master session -key changes).
- - -The design for parts of IEEE 802.11i that were not included in WPA -has finished (May 2004) and this amendment to IEEE 802.11 was approved -in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new -version of WPA called WPA2. This included, e.g., support for more -robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC) -to replace TKIP, optimizations for handoff (reduced number of messages -in initial key handshake, pre-authentication, and PMKSA caching).
- -Following steps are used when associating with an AP using WPA:
-
wpa_supplicant is configured using a text file that lists all accepted -networks and security policies, including pre-shared keys. See -example configuration file, -wpa_supplicant.conf, -for detailed information about the configuration format and supported -fields. In addition, simpler example configurations are available for -plaintext, -static WEP, -IEEE 802.1X with dynamic WEP (EAP-PEAP/MSCHAPv2), -WPA-PSK/TKIP, and -WPA2-EAP/CCMP (EAP-TLS). -In addition, wpa_supplicant can use OpenSSL engine to avoid need for -exposing private keys in the file system. This can be used for EAP-TLS -authentication with smartcards and TPM tokens. -Example configuration for using openCryptoki -shows an example network block and related parameters for EAP-TLS -authentication using PKCS#11 TPM token. -
- --Any comments, reports on success/failure, ideas for further -improvement, feature requests, etc. are welcome at j@w1.fi. -Please note, that I often receive more email than I have time to answer. -Unfortunately, some messages may not get a reply, but I'll try to go -through my mail whenever time permits. -
- -Host AP mailing list can also be used for topics related to -wpa_supplicant. Since this list has a broader audience, your likelihood -of getting responses is higher. This list is recommended for general -questions about wpa_supplicant and its development. In addition, I -will send release notes to it whenever a new version is available. -
- --The mailing list information and web archive is at http://lists.shmoo.com/mailman/listinfo/hostap. -Messages to hostap@shmoo.com will be delivered to the -subscribers. Please note, that due to large number of spam and virus -messages sent to the list address, the list is configured to accept -messages only from subscribed addresses. Messages from unsubscribed addresses -may be accepted manually, but their delivery will be delayed. -
- --If you want to make sure your bug report of feature request does not -get lost, please report it through the bug tracking system as -a new -bug/feature request. -
- -
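Review bot: Deleting www/Makefile removes the only visible rules that produce versions.png (all: versions.png, built from versions.fig, which is built from versions.dot), so the same commit should also drop versions.dot and any page that embeds versions.png. Otherwise the tree keeps a source file that nothing builds, or a page with a broken image. If those files go in a separate hunk, say so in the commit message.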
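Review bot: Every fetch method listed in the removed www/cvs.html (git://w1.fi/srv/git/hostap.git, http://w1.fi/hostap.git, and CVS pserver with an empty password) is an unauthenticated cleartext transport, so the instructions that replace this page should not carry them over unchanged. Please have the commit message point to where the replacement instructions live, and have that location name a clone URL with server authentication or a way to verify the fetched tree.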
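Review bot: In the removed configuration wizard script, configure_wep() builds its warning as "Note: Invalid WEP key: " + wep and assigns the result to t.innerHTML, so whatever is typed into a key field is parsed as markup and the key itself is echoed into the page. If the wizard is being relocated rather than retired, that code should not move as is: set the message through textContent and leave the key value out of it. Two smaller points in the same script: is_hex() and update_eap() use a loop counter i with no var declaration, which makes it an implicit global, and valid_wep_key() accepts 16-character and 32-hex-digit keys while the accompanying text describes only 40-bit and 104-bit keys.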