Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 1 | ChangeLog for wpa_supplicant |
| 2 | |
Dmitry Shmidt | b5d893b | 2014-06-04 15:28:27 -0700 | [diff] [blame] | 3 | 2014-06-04 - v2.2 |
| 4 | * added DFS indicator to get_capability freq |
| 5 | * added/fixed nl80211 functionality |
| 6 | - BSSID/frequency hint for driver-based BSS selection |
| 7 | - fix tearing down WDS STA interfaces |
| 8 | - support vendor specific driver command |
| 9 | (VENDOR <vendor id> <sub command id> [<hex formatted data>]) |
| 10 | - GO interface teardown optimization |
| 11 | - allow beacon interval to be configured for IBSS |
| 12 | - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands |
| 13 | * removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control |
| 14 | interface commands (the more generic NFC_REPORT_HANDOVER is now used) |
| 15 | * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; |
| 16 | this fixes password with include UTF-8 characters that use |
| 17 | three-byte encoding EAP methods that use NtPasswordHash |
| 18 | * fixed couple of sequencies where radio work items could get stuck, |
| 19 | e.g., when rfkill blocking happens during scanning or when |
| 20 | scan-for-auth workaround is used |
| 21 | * P2P enhancements/fixes |
| 22 | - enable enable U-APSD on GO automatically if the driver indicates |
| 23 | support for this |
| 24 | - fixed some service discovery cases with broadcast queries not being |
| 25 | sent to all stations |
| 26 | - fixed Probe Request frame triggering invitation to trigger only a |
| 27 | single invitation instance even if multiple Probe Request frames are |
| 28 | received |
| 29 | - fixed a potential NULL pointer dereference crash when processing an |
| 30 | invalid Invitation Request frame |
| 31 | - add optional configuration file for the P2P_DEVICE parameters |
| 32 | - optimize scan for GO during persistent group invocation |
| 33 | - fix possible segmentation fault when PBC overlap is detected while |
| 34 | using a separate P2P group interface |
| 35 | - improve GO Negotiation robustness by allowing GO Negotiation |
| 36 | Confirmation to be retransmitted |
| 37 | - do use freed memory on device found event when P2P NFC |
| 38 | * added phase1 network parameter options for disabling TLS v1.1 and v1.2 |
| 39 | to allow workarounds with misbehaving AAA servers |
| 40 | (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1) |
| 41 | * added support for OCSP stapling to validate AAA server certificate |
| 42 | during TLS exchange |
| 43 | * Interworking/Hotspot 2.0 enhancements |
| 44 | - prefer the last added network in Interworking connection to make the |
| 45 | behavior more consistent with likely user expectation |
| 46 | - roaming partner configuration (roaming_partner within a cred block) |
| 47 | - support Hotspot 2.0 Release 2 |
| 48 | * "hs20_anqp_get <BSSID> 8" to request OSU Providers list |
| 49 | * "hs20_icon_request <BSSID> <icon filename>" to request icon files |
| 50 | * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider |
| 51 | search (all suitable APs in scan results) |
| 52 | * OSEN network for online signup connection |
| 53 | * min_{dl,ul}_bandwidth_{home,roaming} cred parameters |
| 54 | * max_bss_load cred parameter |
| 55 | * req_conn_capab cred parameter |
| 56 | * sp_priority cred parameter |
| 57 | * ocsp cred parameter |
| 58 | * slow down automatic connection attempts on EAP failure to meet |
| 59 | required behavior (no more than 10 retries within a 10-minute |
| 60 | interval) |
| 61 | * sample implementation of online signup client (both SPP and |
| 62 | OMA-DM protocols) (hs20/client/*) |
| 63 | - fixed GAS indication for additional comeback delay with status |
| 64 | code 95 |
| 65 | - extend ANQP_GET to accept Hotspot 2.0 subtypes |
| 66 | ANQP_GET <addr> <info id>[,<info id>]... |
| 67 | [,hs20:<subtype>][...,hs20:<subtype>] |
| 68 | - add control interface events CRED-ADDED <id>, |
| 69 | CRED-MODIFIED <id> <field>, CRED-REMOVED <id> |
| 70 | - add "GET_CRED <id> <field>" command |
| 71 | - enable FT for the connection automatically if the AP advertises |
| 72 | support for this |
| 73 | - fix a case where auto_interworking=1 could end up stopping scanning |
| 74 | * fixed TDLS interoperability issues with supported operating class in |
| 75 | some deployed stations |
| 76 | * internal TLS implementation enhancements/fixes |
| 77 | - add SHA256-based cipher suites |
| 78 | - add DHE-RSA cipher suites |
| 79 | - fix X.509 validation of PKCS#1 signature to check for extra data |
| 80 | * fixed PTK derivation for CCMP-256 and GCMP-256 |
| 81 | * added "reattach" command for fast reassociate-back-to-same-BSS |
| 82 | * allow PMF to be enabled for AP mode operation with the ieee80211w |
| 83 | parameter |
| 84 | * added "get_capability tdls" command |
| 85 | * added option to set config blobs through control interface with |
| 86 | "SET blob <name> <hexdump>" |
| 87 | * D-Bus interface extensions/fixes |
| 88 | - make p2p_no_group_iface configurable |
| 89 | - declare ServiceDiscoveryRequest method properly |
| 90 | - export peer's device address as a property |
| 91 | - make reassociate command behave like the control interface one, |
| 92 | i.e., to allow connection from disconnected state |
| 93 | * added optional "freq=<channel ranges>" parameter to SET pno |
| 94 | * added optional "freq=<channel ranges>" parameter to SELECT_NETWORK |
| 95 | * fixed OBSS scan result processing for 20/40 MHz co-ex report |
| 96 | * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled |
| 97 | whenever CONFIG_WPS=y is set |
| 98 | * fixed regression in parsing of WNM Sleep Mode exit key data |
| 99 | * fixed potential segmentation fault and memory leaks in WNM neighbor |
| 100 | report processing |
| 101 | * EAP-pwd fixes |
| 102 | - fragmentation of PWD-Confirm-Resp |
| 103 | - fix memory leak when fragmentation is used |
| 104 | - fix possible segmentation fault on EAP method deinit if an invalid |
| 105 | group is negotiated |
| 106 | * added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently |
| 107 | available only with the macsec_qca driver wrapper) |
| 108 | * fixed EAP-SIM counter-too-small message |
| 109 | * added 'dup_network <id_s> <id_d> <name>' command; this can be used to |
| 110 | clone the psk field without having toextract it from wpa_supplicant |
| 111 | * fixed GSM authentication on USIM |
| 112 | * added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y) |
| 113 | * fixed some concurrent virtual interface cases with dedicated P2P |
| 114 | management interface to not catch events from removed interface (this |
| 115 | could result in the management interface getting disabled) |
| 116 | * fixed a memory leak in SAE random number generation |
| 117 | * fixed off-by-one bounds checking in printf_encode() |
| 118 | - this could result in some control interface ATTACH command cases |
| 119 | terminating wpa_supplicant |
| 120 | * fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM |
| 121 | * various bug fixes |
| 122 | |
Dmitry Shmidt | 3c47937 | 2014-02-04 10:50:36 -0800 | [diff] [blame] | 123 | 2014-02-04 - v2.1 |
| 124 | * added support for simultaneous authentication of equals (SAE) for |
Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 125 | stronger password-based authentication with WPA2-Personal |
Dmitry Shmidt | 3c47937 | 2014-02-04 10:50:36 -0800 | [diff] [blame] | 126 | * improved P2P negotiation and group formation robustness |
| 127 | - avoid unnecessary Dialog Token value changes during retries |
| 128 | - avoid more concurrent scanning cases during full group formation |
| 129 | sequence |
| 130 | - do not use potentially obsolete scan result data from driver |
| 131 | cache for peer discovery/updates |
| 132 | - avoid undesired re-starting of GO negotiation based on Probe |
| 133 | Request frames |
| 134 | - increase GO Negotiation and Invitation timeouts to address busy |
| 135 | environments and peers that take long time to react to messages, |
| 136 | e.g., due to power saving |
| 137 | - P2P Device interface type |
| 138 | * improved P2P channel selection (use more peer information and allow |
| 139 | more local options) |
| 140 | * added support for optional per-device PSK assignment by P2P GO |
| 141 | (wpa_cli p2p_set per_sta_psk <0/1>) |
| 142 | * added P2P_REMOVE_CLIENT for removing a client from P2P groups |
| 143 | (including persistent groups); this can be used to securely remove |
| 144 | a client from a group if per-device PSKs are used |
| 145 | * added more configuration flexibility for allowed P2P GO/client |
| 146 | channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1) |
| 147 | * added nl80211 functionality |
| 148 | - VHT configuration for nl80211 |
| 149 | - MFP (IEEE 802.11w) information for nl80211 command API |
| 150 | - support split wiphy dump |
| 151 | - FT (IEEE 802.11r) with driver-based SME |
| 152 | - use advertised number of supported concurrent channels |
| 153 | - QoS Mapping configuration |
| 154 | * improved TDLS negotiation robustness |
| 155 | * added more TDLS peer parameters to be configured to the driver |
| 156 | * optimized connection time by allowing recently received scan results |
| 157 | to be used instead of having to run through a new scan |
| 158 | * fixed ctrl_iface BSS command iteration with RANGE argument and no |
| 159 | exact matches; also fixed argument parsing for some cases with |
| 160 | multiple arguments |
| 161 | * added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan |
| 162 | without executing roaming/network re-selection on scan results |
| 163 | * added Session-Id derivation for EAP peer methods |
| 164 | * added fully automated regression testing with mac80211_hwsim |
| 165 | * changed configuration parser to reject invalid integer values |
| 166 | * allow AP/Enrollee to be specified with BSSID instead of UUID for |
| 167 | WPS ER operations |
| 168 | * disable network block temporarily on repeated connection failures |
| 169 | * changed the default driver interface from wext to nl80211 if both are |
| 170 | included in the build |
| 171 | * remove duplicate networks if WPS provisioning is run multiple times |
| 172 | * remove duplicate networks when Interworking network selection uses the |
| 173 | same network |
| 174 | * added global freq_list configuration to allow scan frequencies to be |
| 175 | limited for all cases instead of just for a specific network block |
| 176 | * added support for BSS Transition Management |
| 177 | * added option to use "IFNAME=<ifname> " prefix to use the global |
| 178 | control interface connection to perform per-interface commands; |
| 179 | similarly, allow global control interface to be used as a monitor |
| 180 | interface to receive events from all interfaces |
| 181 | * fixed OKC-based PMKSA cache entry clearing |
| 182 | * fixed TKIP group key configuration with FT |
| 183 | * added support for using OCSP stapling to validate server certificate |
| 184 | (ocsp=1 as optional and ocsp=2 as mandatory) |
| 185 | * added EAP-EKE peer |
| 186 | * added peer restart detection for IBSS RSN |
| 187 | * added domain_suffix_match (and domain_suffix_match2 for Phase 2 |
| 188 | EAP-TLS) to specify additional constraint for the server certificate |
| 189 | domain name |
| 190 | * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA, |
| 191 | and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control |
| 192 | interface) |
| 193 | * added global bgscan configuration option as a default for all network |
| 194 | blocks that do not specify their own bgscan parameters |
| 195 | * added D-Bus methods for TDLS |
| 196 | * added more control to scan requests |
| 197 | - "SCAN freq=<freq list>" can be used to specify which channels are |
| 198 | scanned (comma-separated frequency ranges in MHz) |
| 199 | - "SCAN passive=1" can be used to request a passive scan (no Probe |
| 200 | Request frames are sent) |
| 201 | - "SCAN use_id" can be used to request a scan id to be returned and |
| 202 | included in event messages related to this specific scan operation |
| 203 | - "SCAN only_new=1" can be used to request the driver/cfg80211 to |
| 204 | report only BSS entries that have been updated during this scan |
| 205 | round |
| 206 | - these optional arguments to the SCAN command can be combined with |
| 207 | each other |
| 208 | * modified behavior on externally triggered scans |
| 209 | - avoid concurrent operations requiring full control of the radio when |
| 210 | an externally triggered scan is detected |
| 211 | - do not use results for internal roaming decision |
| 212 | * added a new cred block parameter 'temporary' to allow credential |
| 213 | blocks to be stored separately even if wpa_supplicant configuration |
| 214 | file is used to maintain other network information |
| 215 | * added "radio work" framework to schedule exclusive radio operations |
| 216 | for off-channel functionality |
| 217 | - reduce issues with concurrent operations that try to control which |
| 218 | channel is used |
| 219 | - allow external programs to request exclusive radio control in a way |
| 220 | that avoids conflicts with wpa_supplicant |
| 221 | * added support for using Protected Dual of Public Action frames for |
| 222 | GAS/ANQP exchanges when associated with PMF |
| 223 | * added support for WPS+NFC updates and P2P+NFC |
| 224 | - improved protocol for WPS |
| 225 | - P2P group formation/join based on NFC connection handover |
| 226 | - new IPv4 address assignment for P2P groups (ip_addr_* configuration |
| 227 | parameters on the GO) to replace DHCP |
| 228 | - option to fetch and report alternative carrier records for external |
| 229 | NFC operations |
| 230 | * various bug fixes |
Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 231 | |
| 232 | 2013-01-12 - v2.0 |
Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 233 | * removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4) |
| 234 | * removed unmaintained driver wrappers broadcom, iphone, osx, ralink, |
| 235 | hostap, madwifi (hostap and madwifi remain available for hostapd; |
| 236 | their wpa_supplicant functionality is obsoleted by wext) |
| 237 | * improved debug logging (human readable event names, interface name |
| 238 | included in more entries) |
| 239 | * changed AP mode behavior to enable WPS only for open and |
| 240 | WPA/WPA2-Personal configuration |
| 241 | * improved P2P concurrency operations |
| 242 | - better coordination of concurrent scan and P2P search operations |
| 243 | - avoid concurrent remain-on-channel operation requests by canceling |
| 244 | previous operations prior to starting a new one |
| 245 | - reject operations that would require multi-channel concurrency if |
| 246 | the driver does not support it |
| 247 | - add parameter to select whether STA or P2P connection is preferred |
| 248 | if the driver cannot support both at the same time |
| 249 | - allow driver to indicate channel changes |
| 250 | - added optional delay=<search delay in milliseconds> parameter for |
| 251 | p2p_find to avoid taking all radio resources |
| 252 | - use 500 ms p2p_find search delay by default during concurrent |
| 253 | operations |
| 254 | - allow all channels in GO Negotiation if the driver supports |
| 255 | multi-channel concurrency |
| 256 | * added number of small changes to make it easier for static analyzers |
| 257 | to understand the implementation |
| 258 | * fixed number of small bugs (see git logs for more details) |
| 259 | * nl80211: number of updates to use new cfg80211/nl80211 functionality |
| 260 | - replace monitor interface with nl80211 commands for AP mode |
| 261 | - additional information for driver-based AP SME |
| 262 | - STA entry authorization in RSN IBSS |
| 263 | * EAP-pwd: |
| 264 | - fixed KDF for group 21 and zero-padding |
| 265 | - added support for fragmentation |
| 266 | - increased maximum number of hunting-and-pecking iterations |
| 267 | * avoid excessive Probe Response retries for broadcast Probe Request |
| 268 | frames (only with drivers using wpa_supplicant AP mode SME/MLME) |
| 269 | * added "GET country" ctrl_iface command |
| 270 | * do not save an invalid network block in wpa_supplicant.conf to avoid |
| 271 | problems reading the file on next start |
| 272 | * send STA connected/disconnected ctrl_iface events to both the P2P |
| 273 | group and parent interfaces |
| 274 | * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y) |
| 275 | * added "SET pno <1/0>" ctrl_iface command to start/stop preferred |
| 276 | network offload with sched_scan driver command |
| 277 | * merged in number of changes from Android repository for P2P, nl80211, |
| 278 | and build parameters |
| 279 | * changed P2P GO mode configuration to use driver capabilities to |
| 280 | automatically enable HT operations when supported |
| 281 | * added "wpa_cli status wps" command to fetch WPA2-Personal passhrase |
| 282 | for WPS use cases in AP mode |
| 283 | * EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM |
| 284 | behavior |
| 285 | * improved reassociation behavior in cases where association is rejected |
| 286 | or when an AP disconnects us to handle common load balancing |
| 287 | mechanisms |
| 288 | - try to avoid extra scans when the needed information is available |
| 289 | * added optional "join" argument for p2p_prov_disc ctrl_iface command |
| 290 | * added group ifname to P2P-PROV-DISC-* events |
| 291 | * added P2P Device Address to AP-STA-DISCONNECTED event and use |
| 292 | p2p_dev_addr parameter name with AP-STA-CONNECTED |
| 293 | * added workarounds for WPS PBC overlap detection for some P2P use cases |
| 294 | where deployed stations work incorrectly |
| 295 | * optimize WPS connection speed by disconnecting prior to WPS scan and |
| 296 | by using single channel scans when AP channel is known |
| 297 | * PCSC and SIM/USIM improvements: |
| 298 | - accept 0x67 (Wrong length) as a response to READ RECORD to fix |
| 299 | issues with some USIM cards |
| 300 | - try to read MNC length from SIM/USIM |
| 301 | - build realm according to 3GPP TS 23.003 with identity from the SIM |
| 302 | - allow T1 protocol to be enabled |
| 303 | * added more WPS and P2P information available through D-Bus |
| 304 | * improve P2P negotiation robustness |
| 305 | - extra waits to get ACK frames through |
| 306 | - longer timeouts for cases where deployed devices have been |
| 307 | identified have issues meeting the specification requirements |
| 308 | - more retries for some P2P frames |
| 309 | - handle race conditions in GO Negotiation start by both devices |
| 310 | - ignore unexpected GO Negotiation Response frame |
| 311 | * added support for libnl 3.2 and newer |
| 312 | * added P2P persistent group info to P2P_PEER data |
| 313 | * maintain a list of P2P Clients for persistent group on GO |
| 314 | * AP: increased initial group key handshake retransmit timeout to 500 ms |
| 315 | * added optional dev_id parameter for p2p_find |
| 316 | * added P2P-FIND-STOPPED ctrl_iface event |
| 317 | * fixed issues in WPA/RSN element validation when roaming with ap_scan=1 |
| 318 | and driver-based BSS selection |
| 319 | * do not expire P2P peer entries while connected with the peer in a |
| 320 | group |
| 321 | * fixed WSC element inclusion in cases where P2P is disabled |
| 322 | * AP: added a WPS workaround for mixed mode AP Settings with Windows 7 |
| 323 | * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use |
| 324 | * EAP-SIM/AKA: append realm to pseudonym identity |
| 325 | * EAP-SIM/AKA: store pseudonym identity in network configuration to |
| 326 | allow it to persist over multiple EAP sessions and wpa_supplicant |
| 327 | restarts |
| 328 | * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this |
| 329 | breaks interoperability with older versions |
| 330 | * added support for WFA Hotspot 2.0 |
| 331 | - GAS/ANQP to fetch network information |
| 332 | - credential configuration and automatic network selections based on |
| 333 | credential match with ANQP information |
| 334 | * limited PMKSA cache entries to be used only with the network context |
| 335 | that was used to create them |
Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 336 | * improved PMKSA cache expiration to avoid unnecessary disconnections |
Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 337 | * adjusted bgscan_simple fast-scan backoff to avoid too frequent |
| 338 | background scans |
| 339 | * removed ctrl_iface event on P2P PD Response in join-group case |
| 340 | * added option to fetch BSS table entry based on P2P Device Address |
| 341 | ("BSS p2p_dev_addr=<P2P Device Address>") |
| 342 | * added BSS entry age to ctrl_iface BSS command output |
| 343 | * added optional MASK=0xH option for ctrl_iface BSS command to select |
| 344 | which fields are included in the response |
| 345 | * added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to |
| 346 | fetch information about several BSSes in one call |
| 347 | * simplified licensing terms by selecting the BSD license as the only |
| 348 | alternative |
| 349 | * added "P2P_SET disallow_freq <freq list>" ctrl_iface command to |
| 350 | disable channels from P2P use |
| 351 | * added p2p_pref_chan configuration parameter to allow preferred P2P |
| 352 | channels to be specified |
| 353 | * added support for advertising immediate availability of a WPS |
| 354 | credential for P2P use cases |
| 355 | * optimized scan operations for P2P use cases (use single channel scan |
| 356 | for a specific SSID when possible) |
| 357 | * EAP-TTLS: fixed peer challenge generation for MSCHAPv2 |
| 358 | * SME: do not use reassociation after explicit disconnection request |
| 359 | (local or a notification from an AP) |
| 360 | * added support for sending debug info to Linux tracing (-T on command |
| 361 | line) |
| 362 | * added support for using Deauthentication reason code 3 as an |
| 363 | indication of P2P group termination |
| 364 | * added wps_vendor_ext_m1 configuration parameter to allow vendor |
| 365 | specific attributes to be added to WPS M1 |
| 366 | * started using separate TLS library context for tunneled TLS |
| 367 | (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA |
| 368 | certificate configuration between Phase 1 and Phase 2 |
| 369 | * added optional "auto" parameter for p2p_connect to request automatic |
| 370 | GO Negotiation vs. join-a-group selection |
| 371 | * added disabled_scan_offload parameter to disable automatic scan |
| 372 | offloading (sched_scan) |
| 373 | * added optional persistent=<network id> parameter for p2p_connect to |
| 374 | allow forcing of a specific SSID/passphrase for GO Negotiation |
| 375 | * added support for OBSS scan requests and 20/40 BSS coexistence reports |
| 376 | * reject PD Request for unknown group |
| 377 | * removed scripts and notes related to Windows binary releases (which |
| 378 | have not been used starting from 1.x) |
| 379 | * added initial support for WNM operations |
| 380 | - Keep-alive based on BSS max idle period |
| 381 | - WNM-Sleep Mode |
Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 382 | - minimal BSS Transition Management processing |
Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 383 | * added autoscan module to control scanning behavior while not connected |
| 384 | - autoscan_periodic and autoscan_exponential modules |
| 385 | * added new WPS NFC ctrl_iface mechanism |
| 386 | - added initial support NFC connection handover |
| 387 | - removed obsoleted WPS_OOB command (including support for deprecated |
| 388 | UFD config_method) |
| 389 | * added optional framework for external password storage ("ext:<name>") |
| 390 | * wpa_cli: added optional support for controlling wpa_supplicant |
| 391 | remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes |
| 392 | * wpa_cli: extended tab completion to more commands |
| 393 | * changed SSID output to use printf-escaped strings instead of masking |
| 394 | of non-ASCII characters |
| 395 | - SSID can now be configured in the same format: ssid=P"abc\x00test" |
| 396 | * removed default ACM=1 from AC_VO and AC_VI |
| 397 | * added optional "ht40" argument for P2P ctrl_iface commands to allow |
| 398 | 40 MHz channels to be requested on the 5 GHz band |
| 399 | * added optional parameters for p2p_invite command to specify channel |
| 400 | when reinvoking a persistent group as the GO |
| 401 | * improved FIPS mode builds with OpenSSL |
| 402 | - "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the |
| 403 | OpenSSL FIPS object module |
| 404 | - replace low level OpenSSL AES API calls to use EVP |
| 405 | - use OpenSSL keying material exporter when possible |
| 406 | - do not export TLS keys in FIPS mode |
| 407 | - remove MD5 from CONFIG_FIPS=y builds |
| 408 | - use OpenSSL function for PKBDF2 passphrase-to-PSK |
| 409 | - use OpenSSL HMAC implementation |
| 410 | - mix RAND_bytes() output into random_get_bytes() to force OpenSSL |
| 411 | DRBG to be used in FIPS mode |
| 412 | - use OpenSSL CMAC implementation |
| 413 | * added mechanism to disable TLS Session Ticket extension |
| 414 | - a workaround for servers that do not support TLS extensions that |
| 415 | was enabled by default in recent OpenSSL versions |
| 416 | - tls_disable_session_ticket=1 |
| 417 | - automatically disable TLS Session Ticket extension by default when |
| 418 | using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST) |
| 419 | * changed VENDOR-TEST EAP method to use proper private enterprise number |
| 420 | (this will not interoperate with older versions) |
| 421 | * disable network block temporarily on authentication failures |
| 422 | * improved WPS AP selection during WPS PIN iteration |
| 423 | * added support for configuring GCMP cipher for IEEE 802.11ad |
| 424 | * added support for Wi-Fi Display extensions |
| 425 | - WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements |
| 426 | - SET wifi_display <0/1> to disable/enable WFD support |
| 427 | - WFD service discovery |
| 428 | - an external program is needed to manage the audio/video streaming |
| 429 | and codecs |
| 430 | * optimized scan result use for network selection |
| 431 | - use the internal BSS table instead of raw scan results |
| 432 | - allow unnecessary scans to be skipped if fresh information is |
| 433 | available (e.g., after GAS/ANQP round for Interworking) |
| 434 | * added support for 256-bit AES with internal TLS implementation |
| 435 | * allow peer to propose channel in P2P invitation process for a |
| 436 | persistent group |
| 437 | * added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed |
| 438 | from network selection |
| 439 | * re-enable the networks disabled during WPS operations |
| 440 | * allow P2P functionality to be disabled per interface (p2p_disabled=1) |
| 441 | * added secondary device types into P2P_PEER output |
| 442 | * added an option to disable use of a separate P2P group interface |
| 443 | (p2p_no_group_iface=1) |
| 444 | * fixed P2P Bonjour SD to match entries with both compressed and not |
| 445 | compressed domain name format and support multiple Bonjour PTR matches |
| 446 | for the same key |
| 447 | * use deauthentication instead of disassociation for all disconnection |
| 448 | operations; this removes the now unused disassociate() wpa_driver_ops |
| 449 | callback |
| 450 | * optimized PSK generation on P2P GO by caching results to avoid |
| 451 | multiple PBKDF2 operations |
| 452 | * added okc=1 global configuration parameter to allow OKC to be enabled |
| 453 | by default for all network blocks |
| 454 | * added a workaround for WPS PBC session overlap detection to avoid |
| 455 | interop issues with deployed station implementations that do not |
| 456 | remove active PBC indication from Probe Request frames properly |
Dmitry Shmidt | a54fa5f | 2013-01-15 13:53:35 -0800 | [diff] [blame] | 457 | * added basic support for 60 GHz band |
| 458 | * extend EAPOL frames processing workaround for roaming cases |
| 459 | (postpone processing of unexpected EAPOL frame until association |
| 460 | event to handle reordered events) |
Dmitry Shmidt | d5e4923 | 2012-12-03 15:08:10 -0800 | [diff] [blame] | 461 | |
Dmitry Shmidt | 0494959 | 2012-07-19 12:16:46 -0700 | [diff] [blame] | 462 | 2012-05-10 - v1.0 |
| 463 | * bsd: Add support for setting HT values in IFM_MMASK. |
| 464 | * Delay STA entry removal until Deauth/Disassoc TX status in AP mode. |
| 465 | This allows the driver to use PS buffering of Deauthentication and |
| 466 | Disassociation frames when the STA is in power save sleep. Only |
| 467 | available with drivers that provide TX status events for Deauth/ |
| 468 | Disassoc frames (nl80211). |
| 469 | * Drop oldest unknown BSS table entries first. This makes it less |
| 470 | likely to hit connection issues in environments with huge number |
| 471 | of visible APs. |
| 472 | * Add systemd support. |
| 473 | * Add support for setting the syslog facility from the config file |
| 474 | at build time. |
| 475 | * atheros: Add support for IEEE 802.11w configuration. |
| 476 | * AP mode: Allow enable HT20 if driver supports it, by setting the |
| 477 | config parameter ieee80211n. |
| 478 | * Allow AP mode to disconnect STAs based on low ACK condition (when |
| 479 | the data connection is not working properly, e.g., due to the STA |
| 480 | going outside the range of the AP). Disabled by default, enable by |
| 481 | config option disassoc_low_ack. |
| 482 | * nl80211: |
| 483 | - Support GTK rekey offload. |
| 484 | - Support PMKSA candidate events. This adds support for RSN |
| 485 | pre-authentication with nl80211 interface and drivers that handle |
| 486 | roaming internally. |
| 487 | * dbus: |
| 488 | - Add a DBus signal for EAP SM requests, emitted on the Interface |
| 489 | object. |
| 490 | - Export max scan ssids supported by the driver as MaxScanSSID. |
| 491 | - Add signal Certification for information about server certification. |
| 492 | - Add BSSExpireAge and BSSExpireCount interface properties and |
| 493 | support set/get, which allows for setting BSS cache expiration age |
| 494 | and expiration scan count. |
| 495 | - Add ConfigFile to AddInterface properties. |
| 496 | - Add Interface.Country property and support to get/set the value. |
| 497 | - Add DBus property CurrentAuthMode. |
| 498 | - P2P DBus API added. |
| 499 | - Emit property changed events (for property BSSs) when adding/ |
| 500 | removing BSSs. |
| 501 | - Treat '' in SSIDs of Interface.Scan as a request for broadcast |
| 502 | scan, instead of ignoring it. |
| 503 | - Add DBus getter/setter for FastReauth. |
| 504 | - Raise PropertiesChanged on org.freedesktop.DBus.Properties. |
| 505 | * wpa_cli: |
| 506 | - Send AP-STA-DISCONNECTED event when an AP disconnects a station |
| 507 | due to inactivity. |
| 508 | - Make second argument to set command optional. This can be used to |
| 509 | indicate a zero length value. |
| 510 | - Add signal_poll command. |
| 511 | - Add bss_expire_age and bss_expire_count commands to set/get BSS |
| 512 | cache expiration age and expiration scan count. |
| 513 | - Add ability to set scan interval (the time in seconds wpa_s waits |
| 514 | before requesting a new scan after failing to find a suitable |
| 515 | network in scan results) using scan_interval command. |
| 516 | - Add event CTRL-EVENT-ASSOC-REJECT for association rejected. |
| 517 | - Add command get version, that returns wpa_supplicant version string. |
| 518 | - Add command sta_autoconnect for disabling automatic reconnection |
| 519 | on receiving disconnection event. |
| 520 | - Setting bssid parameter to an empty string "" or any can now be |
| 521 | used to clear the bssid_set flag in a network block, i.e., to remove |
| 522 | bssid filtering. |
| 523 | - Add tdls_testing command to add a special testing feature for |
| 524 | changing TDLS behavior. Build param CONFIG_TDLS_TESTING must be |
| 525 | enabled as well. |
| 526 | - For interworking, add wpa_cli commands interworking_select, |
| 527 | interworking_connect, anqp_get, fetch_anqp, and stop_fetch_anqp. |
| 528 | - Many P2P commands were added. See README-P2P. |
| 529 | - Many WPS/WPS ER commands - see WPS/WPS ER sections for details. |
| 530 | - Allow set command to change global config parameters. |
| 531 | - Add log_level command, which can be used to display the current |
| 532 | debugging level and to change the log level during run time. |
| 533 | - Add note command, which can be used to insert notes to the debug |
| 534 | log. |
| 535 | - Add internal line edit implementation. CONFIG_WPA_CLI_EDIT=y |
| 536 | can now be used to build wpa_cli with internal implementation of |
| 537 | line editing and history support. This can be used as a replacement |
| 538 | for CONFIG_READLINE=y. |
| 539 | * AP mode: Add max_num_sta config option, which can be used to limit |
| 540 | the number of stations allowed to connect to the AP. |
| 541 | * Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad |
| 542 | config file. |
| 543 | * wext: Increase scan timeout from 5 to 10 seconds. |
| 544 | * Add blacklist command, allowing an external program to |
| 545 | manage the BSS blacklist and display its current contents. |
| 546 | * WPS: |
| 547 | - Add wpa_cli wps_pin get command for generating random PINs. This can |
| 548 | be used in a UI to generate a PIN without starting WPS (or P2P) |
| 549 | operation. |
| 550 | - Set RF bands based on driver capabilities, instead of hardcoding |
| 551 | them. |
| 552 | - Add mechanism for indicating non-standard WPS errors. |
| 553 | - Add CONFIG_WPS_REG_DISABLE_OPEN=y option to disable open networks |
| 554 | by default. |
| 555 | - Add wps_ap_pin cli command for wpa_supplicant AP mode. |
| 556 | - Add wps_check_pin cli command for processing PIN from user input. |
| 557 | UIs can use this command to process a PIN entered by a user and to |
| 558 | validate the checksum digit (if present). |
| 559 | - Cancel WPS operation on PBC session overlap detection. |
| 560 | - New wps_cancel command in wpa_cli will cancel a pending WPS |
| 561 | operation. |
| 562 | - wpa_cli action: Add WPS_EVENT_SUCCESS and WPS_EVENT_FAIL handlers. |
| 563 | - Trigger WPS config update on Manufacturer, Model Name, Model |
| 564 | Number, and Serial Number changes. |
| 565 | - Fragment size is now configurable for EAP-WSC peer. Use |
| 566 | wpa_cli set wps_fragment_size <val>. |
| 567 | - Disable AP PIN after 10 consecutive failures. Slow down attacks on |
| 568 | failures up to 10. |
| 569 | - Allow AP to start in Enrollee mode without AP PIN for probing, to |
| 570 | be compatible with Windows 7. |
| 571 | - Add Config Error into WPS-FAIL events to provide more info to the |
| 572 | user on how to resolve the issue. |
| 573 | - Label and Display config methods are not allowed to be enabled |
| 574 | at the same time, since it is unclear which PIN to use if both |
| 575 | methods are advertised. |
| 576 | - When controlling multiple interfaces: |
| 577 | - apply WPS commands to all interfaces configured to use WPS |
| 578 | - apply WPS config changes to all interfaces that use WPS |
| 579 | - when an attack is detected on any interface, disable AP PIN on |
| 580 | all interfaces |
| 581 | * WPS ER: |
| 582 | - Add special AP Setup Locked mode to allow read only ER. |
| 583 | ap_setup_locked=2 can now be used to enable a special mode where |
| 584 | WPS ER can learn the current AP settings, but cannot change them. |
| 585 | - Show SetSelectedRegistrar events as ctrl_iface events |
| 586 | - Add wps_er_set_config to enroll a network based on a local |
| 587 | network configuration block instead of having to (re-)learn the |
| 588 | current AP settings with wps_er_learn. |
| 589 | - Allow AP filtering based on IP address, add ctrl_iface event for |
| 590 | learned AP settings, add wps_er_config command to configure an AP. |
| 591 | * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2) |
| 592 | - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool |
| 593 | for testing protocol extensibility. |
| 594 | - Add build option CONFIG_WPS_STRICT to allow disabling of WPS |
| 595 | workarounds. |
| 596 | - Add support for AuthorizedMACs attribute. |
| 597 | * TDLS: |
| 598 | - Propogate TDLS related nl80211 capability flags from kernel and |
| 599 | add them as driver capability flags. If the driver doesn't support |
| 600 | capabilities, assume TDLS is supported internally. When TDLS is |
| 601 | explicitly not supported, disable all user facing TDLS operations. |
| 602 | - Allow TDLS to be disabled at runtime (mostly for testing). |
| 603 | Use set tdls_disabled. |
| 604 | - Honor AP TDLS settings that prohibit/allow TDLS. |
| 605 | - Add a special testing feature for changing TDLS behavior. Use |
| 606 | CONFIG_TDLS_TESTING build param to enable. Configure at runtime |
| 607 | with tdls_testing cli command. |
| 608 | - Add support for TDLS 802.11z. |
| 609 | * wlantest: Add a tool wlantest for IEEE802.11 protocol testing. |
| 610 | wlantest can be used to capture frames from a monitor interface |
| 611 | for realtime capturing or from pcap files for offline analysis. |
| 612 | * Interworking: Support added for 802.11u. Enable in .config with |
| 613 | CONFIG_INTERWORKING. See wpa_supplicant.conf for config parameters |
| 614 | for interworking. wpa_cli commands added to support this are |
| 615 | interworking_select, interworking_connect, anqp_get, fetch_anqp, |
| 616 | and stop_fetch_anqp. |
| 617 | * Android: Add build and runtime support for Android wpa_supplicant. |
| 618 | * bgscan learn: Add new bgscan that learns BSS information based on |
| 619 | previous scans, and uses that information to dynamically generate |
| 620 | the list of channels for background scans. |
| 621 | * Add a new debug message level for excessive information. Use |
| 622 | -ddd to enable. |
| 623 | * TLS: Add support for tls_disable_time_checks=1 in client mode. |
| 624 | * Internal TLS: |
| 625 | - Add support for TLS v1.1 (RFC 4346). Enable with build parameter |
| 626 | CONFIG_TLSV11. |
| 627 | - Add domainComponent parser for X.509 names. |
| 628 | * Linux: Add RFKill support by adding an interface state "disabled". |
| 629 | * Reorder some IEs to get closer to IEEE 802.11 standard. Move |
| 630 | WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames. |
| 631 | Move HT IEs to be later in (Re)Assoc Resp. |
| 632 | * Solaris: Add support for wired 802.1X client. |
| 633 | * Wi-Fi Direct support. See README-P2P for more information. |
| 634 | * Many bugfixes. |
| 635 | |
Dmitry Shmidt | 8d520ff | 2011-05-09 14:06:53 -0700 | [diff] [blame] | 636 | 2010-04-18 - v0.7.2 |
| 637 | * nl80211: fixed number of issues with roaming |
| 638 | * avoid unnecessary roaming if multiple APs with similar signal |
| 639 | strength are present in scan results |
| 640 | * add TLS client events and server probing to ease design of |
| 641 | automatic detection of EAP parameters |
| 642 | * add option for server certificate matching (SHA256 hash of the |
| 643 | certificate) instead of trusted CA certificate configuration |
| 644 | * bsd: Cleaned up driver wrapper and added various low-level |
| 645 | configuration options |
| 646 | * wpa_gui-qt4: do not show too frequent WPS AP available events as |
| 647 | tray messages |
| 648 | * TNC: fixed issues with fragmentation |
| 649 | * EAP-TNC: add Flags field into fragment acknowledgement (needed to |
| 650 | interoperate with other implementations; may potentially breaks |
| 651 | compatibility with older wpa_supplicant/hostapd versions) |
| 652 | * wpa_cli: added option for using a separate process to receive event |
| 653 | messages to reduce latency in showing these |
| 654 | (CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config to enable this) |
| 655 | * maximum BSS table size can now be configured (bss_max_count) |
| 656 | * BSSes to be included in the BSS table can be filtered based on |
| 657 | configured SSIDs to save memory (filter_ssids) |
| 658 | * fix number of issues with IEEE 802.11r/FT; this version is not |
| 659 | backwards compatible with old versions |
| 660 | * nl80211: add support for IEEE 802.11r/FT protocol (both over-the-air |
| 661 | and over-the-DS) |
| 662 | * add freq_list network configuration parameter to allow the AP |
| 663 | selection to filter out entries based on the operating channel |
| 664 | * add signal strength change events for bgscan; this allows more |
| 665 | dynamic changes to background scanning interval based on changes in |
| 666 | the signal strength with the current AP; this improves roaming within |
| 667 | ESS quite a bit, e.g., with bgscan="simple:30:-45:300" in the network |
| 668 | configuration block to request background scans less frequently when |
| 669 | signal strength remains good and to automatically trigger background |
| 670 | scans whenever signal strength drops noticeably |
| 671 | (this is currently only available with nl80211) |
| 672 | * add BSSID and reason code (if available) to disconnect event messages |
| 673 | * wpa_gui-qt4: more complete support for translating the GUI with |
| 674 | linguist and add German translation |
| 675 | * fix DH padding with internal crypto code (mainly, for WPS) |
| 676 | * do not trigger initial scan automatically anymore if there are no |
| 677 | enabled networks |
| 678 | |
| 679 | 2010-01-16 - v0.7.1 |
| 680 | * cleaned up driver wrapper API (struct wpa_driver_ops); the new API |
| 681 | is not fully backwards compatible, so out-of-tree driver wrappers |
| 682 | will need modifications |
| 683 | * cleaned up various module interfaces |
| 684 | * merge hostapd and wpa_supplicant developers' documentation into a |
| 685 | single document |
| 686 | * nl80211: use explicit deauthentication to clear cfg80211 state to |
| 687 | avoid issues when roaming between APs |
| 688 | * dbus: major design changes in the new D-Bus API |
| 689 | (fi.w1.wpa_supplicant1) |
| 690 | * nl80211: added support for IBSS networks |
| 691 | * added internal debugging mechanism with backtrace support and memory |
| 692 | allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y) |
| 693 | * added WPS ER unsubscription command to more cleanly unregister from |
| 694 | receiving UPnP events when ER is terminated |
| 695 | * cleaned up AP mode operations to avoid need for virtual driver_ops |
| 696 | wrapper |
| 697 | * added BSS table to maintain more complete scan result information |
| 698 | over multiple scans (that may include only partial results) |
| 699 | * wpa_gui-qt4: update Peers dialog information more dynamically while |
| 700 | the dialog is kept open |
| 701 | * fixed PKCS#12 use with OpenSSL 1.0.0 |
| 702 | * driver_wext: Added cfg80211-specific optimization to avoid some |
| 703 | unnecessary scans and to speed up association |
| 704 | |
| 705 | 2009-11-21 - v0.7.0 |
| 706 | * increased wpa_cli ping interval to 5 seconds and made this |
| 707 | configurable with a new command line options (-G<seconds>) |
| 708 | * fixed scan buffer processing with WEXT to handle up to 65535 |
| 709 | byte result buffer (previously, limited to 32768 bytes) |
| 710 | * allow multiple driver wrappers to be specified on command line |
| 711 | (e.g., -Dnl80211,wext); the first one that is able to initialize the |
| 712 | interface will be used |
| 713 | * added support for multiple SSIDs per scan request to optimize |
| 714 | scan_ssid=1 operations in ap_scan=1 mode (i.e., search for hidden |
| 715 | SSIDs); this requires driver support and can currently be used only |
| 716 | with nl80211 |
| 717 | * added support for WPS USBA out-of-band mechanism with USB Flash |
| 718 | Drives (UFD) (CONFIG_WPS_UFD=y) |
| 719 | * driver_ndis: add PAE group address to the multicast address list to |
| 720 | fix wired IEEE 802.1X authentication |
| 721 | * fixed IEEE 802.11r key derivation function to match with the standard |
| 722 | (note: this breaks interoperability with previous version) [Bug 303] |
| 723 | * added better support for drivers that allow separate authentication |
| 724 | and association commands (e.g., mac80211-based Linux drivers with |
| 725 | nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol |
| 726 | to be used (IEEE 802.11r) |
| 727 | * fixed SHA-256 based key derivation function to match with the |
| 728 | standard when using CCMP (for IEEE 802.11r and IEEE 802.11w) |
| 729 | (note: this breaks interoperability with previous version) [Bug 307] |
| 730 | * use shared driver wrapper files with hostapd |
| 731 | * added AP mode functionality (CONFIG_AP=y) with mode=2 in the network |
| 732 | block; this can be used for open and WPA2-Personal networks |
| 733 | (optionally, with WPS); this links in parts of hostapd functionality |
| 734 | into wpa_supplicant |
| 735 | * wpa_gui-qt4: added new Peers dialog to show information about peers |
| 736 | (other devices, including APs and stations, etc. in the neighborhood) |
| 737 | * added support for WPS External Registrar functionality (configure APs |
| 738 | and enroll new devices); can be used with wpa_gui-qt4 Peers dialog |
| 739 | and wpa_cli commands wps_er_start, wps_er_stop, wps_er_pin, |
| 740 | wps_er_pbc, wps_er_learn |
| 741 | (this can also be used with a new 'none' driver wrapper if no |
| 742 | wireless device or IEEE 802.1X on wired is needed) |
| 743 | * driver_nl80211: multiple updates to provide support for new Linux |
| 744 | nl80211/mac80211 functionality |
| 745 | * updated management frame protection to use IEEE Std 802.11w-2009 |
| 746 | * fixed number of small WPS issues and added workarounds to |
| 747 | interoperate with common deployed broken implementations |
| 748 | * added support for NFC out-of-band mechanism with WPS |
| 749 | * driver_ndis: fixed wired IEEE 802.1X authentication with PAE group |
| 750 | address frames |
| 751 | * added preliminary support for IEEE 802.11r RIC processing |
| 752 | * added support for specifying subset of enabled frequencies to scan |
| 753 | (scan_freq option in the network configuration block); this can speed |
| 754 | up scanning process considerably if it is known that only a small |
| 755 | subset of channels is actually used in the network (this is currently |
| 756 | supported only with -Dnl80211) |
| 757 | * added a workaround for race condition between receiving the |
| 758 | association event and the following EAPOL-Key |
| 759 | * added background scan and roaming infrastructure to allow |
| 760 | network-specific optimizations to be used to improve roaming within |
| 761 | an ESS (same SSID) |
| 762 | * added new DBus interface (fi.w1.wpa_supplicant1) |
| 763 | |
| 764 | 2009-01-06 - v0.6.7 |
| 765 | * added support for Wi-Fi Protected Setup (WPS) |
| 766 | (wpa_supplicant can now be configured to act as a WPS Enrollee to |
| 767 | enroll credentials for a network using PIN and PBC methods; in |
| 768 | addition, wpa_supplicant can act as a wireless WPS Registrar to |
| 769 | configure an AP); WPS support can be enabled by adding CONFIG_WPS=y |
| 770 | into .config and setting the runtime configuration variables in |
| 771 | wpa_supplicant.conf (see WPS section in the example configuration |
| 772 | file); new wpa_cli commands wps_pin, wps_pbc, and wps_reg are used to |
| 773 | manage WPS negotiation; see README-WPS for more details |
| 774 | * added support for EAP-AKA' (draft-arkko-eap-aka-kdf) |
| 775 | * added support for using driver_test over UDP socket |
| 776 | * fixed PEAPv0 Cryptobinding interoperability issue with Windows Server |
| 777 | 2008 NPS; optional cryptobinding is now enabled (again) by default |
| 778 | * fixed PSK editing in wpa_gui |
| 779 | * changed EAP-GPSK to use the IANA assigned EAP method type 51 |
| 780 | * added a Windows installer that includes WinPcap and all the needed |
| 781 | DLLs; in addition, it set up the registry automatically so that user |
| 782 | will only need start wpa_gui to get prompted to start the wpasvc |
| 783 | servide and add a new interface if needed through wpa_gui dialog |
| 784 | * updated management frame protection to use IEEE 802.11w/D7.0 |
| 785 | |
| 786 | 2008-11-23 - v0.6.6 |
| 787 | * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA |
| 788 | (can be used to simulate test SIM/USIM card with a known private key; |
| 789 | enable with CONFIG_SIM_SIMULATOR=y/CONFIG_USIM_SIMULATOR=y in .config |
| 790 | and password="Ki:OPc"/password="Ki:OPc:SQN" in network configuration) |
| 791 | * added a new network configuration option, wpa_ptk_rekey, that can be |
| 792 | used to enforce frequent PTK rekeying, e.g., to mitigate some attacks |
| 793 | against TKIP deficiencies |
| 794 | * added an optional mitigation mechanism for certain attacks against |
| 795 | TKIP by delaying Michael MIC error reports by a random amount of time |
| 796 | between 0 and 60 seconds; this can be enabled with a build option |
| 797 | CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config |
| 798 | * fixed EAP-AKA to use RES Length field in AT_RES as length in bits, |
| 799 | not bytes |
| 800 | * updated OpenSSL code for EAP-FAST to use an updated version of the |
| 801 | session ticket overriding API that was included into the upstream |
| 802 | OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is |
| 803 | needed with that version anymore) |
| 804 | * updated userspace MLME instructions to match with the current Linux |
| 805 | mac80211 implementation; please also note that this can only be used |
| 806 | with driver_nl80211.c (the old code from driver_wext.c was removed) |
| 807 | * added support (Linux only) for RoboSwitch chipsets (often found in |
| 808 | consumer grade routers); driver interface 'roboswitch' |
| 809 | * fixed canceling of PMKSA caching when using drivers that generate |
| 810 | RSN IE and refuse to drop PMKIDs that wpa_supplicant does not know |
| 811 | about |
| 812 | |
| 813 | 2008-11-01 - v0.6.5 |
| 814 | * added support for SHA-256 as X.509 certificate digest when using the |
| 815 | internal X.509/TLSv1 implementation |
| 816 | * updated management frame protection to use IEEE 802.11w/D6.0 |
| 817 | * added support for using SHA256-based stronger key derivation for WPA2 |
| 818 | (IEEE 802.11w) |
| 819 | * fixed FT (IEEE 802.11r) authentication after a failed association to |
| 820 | use correct FTIE |
| 821 | * added support for configuring Phase 2 (inner/tunneled) authentication |
| 822 | method with wpa_gui-qt4 |
| 823 | |
| 824 | 2008-08-10 - v0.6.4 |
| 825 | * added support for EAP Sequences in EAP-FAST Phase 2 |
| 826 | * added support for using TNC with EAP-FAST |
| 827 | * added driver_ps3 for the PS3 Linux wireless driver |
| 828 | * added support for optional cryptobinding with PEAPv0 |
| 829 | * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to |
| 830 | allow fallback to full handshake if server rejects PAC-Opaque |
| 831 | * added fragmentation support for EAP-TNC |
| 832 | * added support for parsing PKCS #8 formatted private keys into the |
| 833 | internal TLS implementation (both PKCS #1 RSA key and PKCS #8 |
| 834 | encapsulated RSA key can now be used) |
| 835 | * added option of using faster, but larger, routines in the internal |
| 836 | LibTomMath (for internal TLS implementation) to speed up DH and RSA |
| 837 | calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y) |
| 838 | * fixed race condition between disassociation event and group key |
| 839 | handshake to avoid getting stuck in incorrect state [Bug 261] |
| 840 | * fixed opportunistic key caching (proactive_key_caching) |
| 841 | |
| 842 | 2008-02-22 - v0.6.3 |
| 843 | * removed 'nai' and 'eappsk' network configuration variables that were |
| 844 | previously used for configuring user identity and key for EAP-PSK, |
| 845 | EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the |
| 846 | replacement for 'nai' (if old configuration used a separate |
| 847 | 'identity' value, that would now be configured as |
| 848 | 'anonymous_identity'). 'password' field is now used as the |
| 849 | replacement for 'eappsk' (it can also be set using hexstring to |
| 850 | present random binary data) |
| 851 | * removed '-w' command line parameter (wait for interface to be added, |
| 852 | if needed); cleaner way of handling this functionality is to use an |
| 853 | external mechanism (e.g., hotplug scripts) that start wpa_supplicant |
| 854 | when an interface is added |
| 855 | * updated FT support to use the latest draft, IEEE 802.11r/D9.0 |
| 856 | * added ctrl_iface monitor event (CTRL-EVENT-SCAN-RESULTS) for |
| 857 | indicating when new scan results become available |
| 858 | * added new ctrl_iface command, BSS, to allow scan results to be |
| 859 | fetched without hitting the message size limits (this command |
| 860 | can be used to iterate through the scan results one BSS at the time) |
| 861 | * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION |
| 862 | attributes in EAP-SIM Start/Response when using fast reauthentication |
| 863 | * fixed EAPOL not to end up in infinite loop when processing dynamic |
| 864 | WEP keys with IEEE 802.1X |
| 865 | * fixed problems in getting NDIS events from WMI on Windows 2000 |
| 866 | |
| 867 | 2008-01-01 - v0.6.2 |
| 868 | * added support for Makefile builds to include debug-log-to-a-file |
| 869 | functionality (CONFIG_DEBUG_FILE=y and -f<path> on command line) |
| 870 | * fixed EAP-SIM and EAP-AKA message parser to validate attribute |
| 871 | lengths properly to avoid potential crash caused by invalid messages |
| 872 | * added data structure for storing allocated buffers (struct wpabuf); |
| 873 | this does not affect wpa_supplicant usage, but many of the APIs |
| 874 | changed and various interfaces (e.g., EAP) is not compatible with old |
| 875 | versions |
| 876 | * added support for protecting EAP-AKA/Identity messages with |
| 877 | AT_CHECKCODE (optional feature in RFC 4187) |
| 878 | * added support for protected result indication with AT_RESULT_IND for |
| 879 | EAP-SIM and EAP-AKA (phase1="result_ind=1") |
| 880 | * added driver_wext workaround for race condition between scanning and |
| 881 | association with drivers that take very long time to scan all |
| 882 | channels (e.g., madwifi with dual-band cards); wpa_supplicant is now |
| 883 | using a longer hardcoded timeout for the scan if the driver supports |
| 884 | notifications for scan completion (SIOCGIWSCAN event); this helps, |
| 885 | e.g., in cases where wpa_supplicant and madwifi driver ended up in |
| 886 | loop where the driver did not even try to associate |
| 887 | * stop EAPOL timer tick when no timers are in use in order to reduce |
| 888 | power consumption (no need to wake up the process once per second) |
| 889 | [Bug 237] |
| 890 | * added support for privilege separation (run only minimal part of |
| 891 | wpa_supplicant functionality as root and rest as unprivileged, |
| 892 | non-root process); see 'Privilege separation' in README for details; |
| 893 | this is disabled by default and can be enabled with CONFIG_PRIVSEP=y |
| 894 | in .config |
| 895 | * changed scan results data structure to include all information |
| 896 | elements to make it easier to support new IEs; old get_scan_result() |
| 897 | driver_ops is still supported for backwards compatibility (results |
| 898 | are converted internally to the new format), but all drivers should |
| 899 | start using the new get_scan_results2() to make them more likely to |
| 900 | work with new features |
| 901 | * Qt4 version of wpa_gui (wpa_gui-qt4 subdirectory) is now native Qt4 |
| 902 | application, i.e., it does not require Qt3Support anymore; Windows |
| 903 | binary of wpa_gui.exe is now from this directory and only requires |
| 904 | QtCore4.dll and QtGui4.dll libraries |
| 905 | * updated Windows binary build to use Qt 4.3.3 and made Qt DLLs |
| 906 | available as a separate package to make wpa_gui installation easier: |
| 907 | http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip |
| 908 | * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt); |
| 909 | only shared key/password authentication is supported in this version |
| 910 | |
| 911 | 2007-11-24 - v0.6.1 |
| 912 | * added support for configuring password as NtPasswordHash |
| 913 | (16-byte MD4 hash of password) in hash:<32 hex digits> format |
| 914 | * added support for fallback from abbreviated TLS handshake to |
| 915 | full handshake when using EAP-FAST (e.g., due to an expired |
| 916 | PAC-Opaque) |
| 917 | * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest |
| 918 | draft (draft-ietf-emu-eap-gpsk-07.txt) |
| 919 | * added support for drivers that take care of RSN 4-way handshake |
| 920 | internally (WPA_DRIVER_FLAGS_4WAY_HANDSHAKE in get_capa flags and |
| 921 | WPA_ALG_PMK in set_key) |
| 922 | * added an experimental port for Mac OS X (CONFIG_DRIVER_OSX=y in |
| 923 | .config); this version supports only ap_scan=2 mode and allow the |
| 924 | driver to take care of the 4-way handshake |
| 925 | * fixed a buffer overflow in parsing TSF from scan results when using |
| 926 | driver_wext.c with a driver that includes the TSF (e.g., iwl4965) |
| 927 | [Bug 232] |
| 928 | * updated FT support to use the latest draft, IEEE 802.11r/D8.0 |
| 929 | * fixed an integer overflow issue in the ASN.1 parser used by the |
| 930 | (experimental) internal TLS implementation to avoid a potential |
| 931 | buffer read overflow |
| 932 | * fixed a race condition with -W option (wait for a control interface |
| 933 | monitor before starting) that could have caused the first messages to |
| 934 | be lost |
| 935 | * added support for processing TNCC-TNCS-Messages to report |
| 936 | recommendation (allow/none/isolate) when using TNC [Bug 243] |
| 937 | |
| 938 | 2007-05-28 - v0.6.0 |
| 939 | * added network configuration parameter 'frequency' for setting |
| 940 | initial channel for IBSS (adhoc) networks |
| 941 | * added experimental IEEE 802.11r/D6.0 support |
| 942 | * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48 |
| 943 | * updated EAP-PSK to use the IANA-allocated EAP type 47 |
| 944 | * fixed EAP-PAX key derivation |
| 945 | * fixed EAP-PSK bit ordering of the Flags field |
| 946 | * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in |
| 947 | tunnelled identity request (previously, the identifier from the outer |
| 948 | method was used, not the tunnelled identifier which could be |
| 949 | different) |
| 950 | * added support for fragmentation of outer TLS packets during Phase 2 |
| 951 | of EAP-PEAP/TTLS/FAST |
| 952 | * fixed EAP-TTLS AVP parser processing for too short AVP lengths |
| 953 | * added support for EAP-FAST authentication with inner methods that |
| 954 | generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported |
| 955 | for PAC provisioning) |
| 956 | * added support for authenticated EAP-FAST provisioning |
| 957 | * added support for configuring maximum number of EAP-FAST PACs to |
| 958 | store in a PAC list (fast_max_pac_list_len=<max> in phase1 string) |
| 959 | * added support for storing EAP-FAST PACs in binary format |
| 960 | (fast_pac_format=binary in phase1 string) |
| 961 | * fixed dbus ctrl_iface to validate message interface before |
| 962 | dispatching to avoid a possible segfault [Bug 190] |
| 963 | * fixed PeerKey key derivation to use the correct PRF label |
| 964 | * updated Windows binary build to link against OpenSSL 0.9.8d and |
| 965 | added support for EAP-FAST |
| 966 | * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest |
| 967 | draft (draft-ietf-emu-eap-gpsk-04.txt) |
| 968 | * fixed EAP-AKA Notification processing to allow Notification to be |
| 969 | processed after AKA Challenge response has been sent |
| 970 | * updated to use IEEE 802.11w/D2.0 for management frame protection |
| 971 | (still experimental) |
| 972 | * fixed EAP-TTLS implementation not to crash on use of freed memory |
| 973 | if TLS library initialization fails |
| 974 | * added support for EAP-TNC (Trusted Network Connect) |
| 975 | (this version implements the EAP-TNC method and EAP-TTLS changes |
| 976 | needed to run two methods in sequence (IF-T) and the IF-IMC and |
| 977 | IF-TNCCS interfaces from TNCC) |
| 978 | |
| 979 | 2006-11-24 - v0.5.6 |
| 980 | * added experimental, integrated TLSv1 client implementation with the |
| 981 | needed X.509/ASN.1/RSA/bignum processing (this can be enabled by |
| 982 | setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in |
| 983 | .config); this can be useful, e.g., if the target system does not |
| 984 | have a suitable TLS library and a minimal code size is required |
| 985 | (total size of this internal TLS/crypto code is bit under 50 kB on |
| 986 | x86 and the crypto code is shared by rest of the supplicant so some |
| 987 | of it was already required; TLSv1/X.509/ASN.1/RSA added about 25 kB) |
| 988 | * removed STAKey handshake since PeerKey handshake has replaced it in |
| 989 | IEEE 802.11ma and there are no known deployments of STAKey |
| 990 | * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest |
| 991 | draft (draft-ietf-emu-eap-gpsk-01.txt) |
| 992 | * added preliminary implementation of IEEE 802.11w/D1.0 (management |
| 993 | frame protection) |
| 994 | (Note: this requires driver support to work properly.) |
| 995 | (Note2: IEEE 802.11w is an unapproved draft and subject to change.) |
| 996 | * fixed Windows named pipes ctrl_iface to not stop listening for |
| 997 | commands if client program opens a named pipe and closes it |
| 998 | immediately without sending a command |
| 999 | * fixed USIM PIN status determination for the case that PIN is not |
| 1000 | needed (this allows EAP-AKA to be used with USIM cards that do not |
| 1001 | use PIN) |
| 1002 | * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to |
| 1003 | be used with cards that do not support file selection based on |
| 1004 | partial AID |
| 1005 | * added support for matching the subjectAltName of the authentication |
| 1006 | server certificate against multiple name components (e.g., |
| 1007 | altsubject_match="DNS:server.example.com;DNS:server2.example.com") |
| 1008 | * fixed EAP-SIM/AKA key derivation for re-authentication case (only |
| 1009 | affects IEEE 802.1X with dynamic WEP keys) |
| 1010 | * changed ctrl_iface network configuration 'get' operations to not |
| 1011 | return password/key material; if these fields are requested, "*" |
| 1012 | will be returned if the password/key is set, but the value of the |
| 1013 | parameter is not exposed |
| 1014 | |
| 1015 | 2006-08-27 - v0.5.5 |
| 1016 | * added support for building Windows version with UNICODE defined |
| 1017 | (wide-char functions) |
| 1018 | * driver_ndis: fixed static WEP configuration to avoid race condition |
| 1019 | issues with some NDIS drivers between association and setting WEP |
| 1020 | keys |
| 1021 | * driver_ndis: added validation for IELength value in scan results to |
| 1022 | avoid crashes when using buggy NDIS drivers [Bug 165] |
| 1023 | * fixed Release|Win32 target in the Visual Studio project files |
| 1024 | (previously, only Debug|Win32 target was set properly) |
| 1025 | * changed control interface API call wpa_ctrl_pending() to allow it to |
| 1026 | return -1 on error (e.g., connection lost); control interface clients |
| 1027 | will need to make sure that they verify that the value is indeed >0 |
| 1028 | when determining whether there are pending messages |
| 1029 | * added an alternative control interface backend for Windows targets: |
| 1030 | Named Pipe (CONFIG_CTRL_IFACE=named_pipe); this is now the default |
| 1031 | control interface mechanism for Windows builds (previously, UDP to |
| 1032 | localhost was used) |
| 1033 | * changed ctrl_interface configuration for UNIX domain sockets: |
| 1034 | - deprecated ctrl_interface_group variable (it may be removed in |
| 1035 | future versions) |
| 1036 | - allow both directory and group be configured with ctrl_interface |
| 1037 | in following format: DIR=/var/run/wpa_supplicant GROUP=wheel |
| 1038 | - ctrl_interface=/var/run/wpa_supplicant is still supported for the |
| 1039 | case when group is not changed |
| 1040 | * added support for controlling more than one interface per process in |
| 1041 | Windows version |
| 1042 | * added a workaround for a case where the AP is using unknown address |
| 1043 | (e.g., MAC address of the wired interface) as the source address for |
| 1044 | EAPOL-Key frames; previously, that source address was used as the |
| 1045 | destination for EAPOL-Key frames and in key derivation; now, BSSID is |
| 1046 | used even if the source address does not match with it |
| 1047 | (this resolves an interoperability issue with Thomson SpeedTouch 580) |
| 1048 | * added a workaround for UDP-based control interface (which was used in |
| 1049 | Windows builds before this release) to prevent packets with forged |
| 1050 | addresses from being accepted as local control requests |
| 1051 | * removed ndis_events.cpp and possibility of using external |
| 1052 | ndis_events.exe; C version (ndis_events.c) is fully functional and |
| 1053 | there is no desire to maintain two separate versions of this |
| 1054 | implementation |
| 1055 | * ndis_events: Changed NDIS event notification design to use WMI to |
| 1056 | learn the adapter description through Win32_PnPEntity class; this |
| 1057 | should fix some cases where the adapter name was not recognized |
| 1058 | correctly (e.g., with some USB WLAN adapters, e.g., Ralink RT2500 |
| 1059 | USB) [Bug 113] |
| 1060 | * fixed selection of the first network in ap_scan=2 mode; previously, |
| 1061 | wpa_supplicant could get stuck in SCANNING state when only the first |
| 1062 | network for enabled (e.g., after 'wpa_cli select_network 0') |
| 1063 | * winsvc: added support for configuring ctrl_interface parameters in |
| 1064 | registry (ctrl_interface string value in |
| 1065 | HKLM\SOFTWARE\wpa_supplicant\interfaces\0000 key); this new value is |
| 1066 | required to enable control interface (previously, this was hardcoded |
| 1067 | to be enabled) |
| 1068 | * allow wpa_gui subdirectory to be built with both Qt3 and Qt4 |
| 1069 | * converted wpa_gui-qt4 subdirectory to use Qt4 specific project format |
| 1070 | |
| 1071 | 2006-06-20 - v0.5.4 |
| 1072 | * fixed build with CONFIG_STAKEY=y [Bug 143] |
| 1073 | * added support for doing MLME (IEEE 802.11 management frame |
| 1074 | processing) in wpa_supplicant when using Devicescape IEEE 802.11 |
| 1075 | stack (wireless-dev.git tree) |
| 1076 | * added a new network block configuration option, fragment_size, to |
| 1077 | configure the maximum EAP fragment size |
| 1078 | * driver_ndis: Disable WZC automatically for the selected interface to |
| 1079 | avoid conflicts with two programs trying to control the radio; WZC |
| 1080 | will be re-enabled (if it was enabled originally) when wpa_supplicant |
| 1081 | is terminated |
| 1082 | * added an experimental TLSv1 client implementation |
| 1083 | (CONFIG_TLS=internal) that can be used instead of an external TLS |
| 1084 | library, e.g., to reduce total size requirement on systems that do |
| 1085 | not include any TLS library by default (this is not yet complete; |
| 1086 | basic functionality is there, but certificate validation is not yet |
| 1087 | included) |
| 1088 | * added PeerKey handshake implementation for IEEE 802.11e |
| 1089 | direct link setup (DLS) to replace STAKey handshake |
| 1090 | * fixed WPA PSK update through ctrl_iface for the case where the old |
| 1091 | PSK was derived from an ASCII passphrase and the new PSK is set as |
| 1092 | a raw PSK (hex string) |
| 1093 | * added new configuration option for identifying which network block |
| 1094 | was used (id_str in wpa_supplicant.conf; included on |
| 1095 | WPA_EVENT_CONNECT monitor event and as WPA_ID_STR environmental |
| 1096 | variable in wpa_cli action scripts; in addition WPA_ID variable is |
| 1097 | set to the current unique identifier that wpa_supplicant assigned |
| 1098 | automatically for the network and that can be used with |
| 1099 | GET_NETWORK/SET_NETWORK ctrl_iface commands) |
| 1100 | * wpa_cli action script is now called only when the connect/disconnect |
| 1101 | status changes or when associating with a different network |
| 1102 | * fixed configuration parser not to remove CCMP from group cipher list |
| 1103 | if WPA-None (adhoc) is used (pairwise=NONE in that case) |
| 1104 | * fixed integrated NDIS events processing not to hang the process due |
| 1105 | to a missed change in eloop_win.c API in v0.5.3 [Bug 155] |
| 1106 | * added support for EAP Generalized Pre-Shared Key (EAP-GPSK, |
| 1107 | draft-clancy-emu-eap-shared-secret-00.txt) |
| 1108 | * added Microsoft Visual Studio 2005 solution and project files for |
| 1109 | build wpa_supplicant for Windows (see vs2005 subdirectory) |
| 1110 | * eloop_win: fixed unregistration of Windows events |
| 1111 | * l2_packet_winpcap: fixed a deadlock in deinitializing l2_packet |
| 1112 | at the end of RSN pre-authentication and added unregistration of |
| 1113 | a Windows event to avoid getting eloop_win stuck with an invalid |
| 1114 | handle |
| 1115 | * driver_ndis: added support for selecting AP based on BSSID |
| 1116 | * added new environmental variable for wpa_cli action scripts: |
| 1117 | WPA_CTRL_DIR is the current control interface directory |
| 1118 | * driver_ndis: added support for using NDISUIO instead of WinPcap for |
| 1119 | OID set/query operations (CONFIG_USE_NDISUIO=y in .config); with new |
| 1120 | l2_packet_ndis (CONFIG_L2_PACKET=ndis), this can be used to build |
| 1121 | wpa_supplicant without requiring WinPcap; note that using NDISUIO |
| 1122 | requires that WZC is disabled (net stop wzcsvc) since NDISUIO allows |
| 1123 | only one application to open the device |
| 1124 | * changed NDIS driver naming to only include device GUID, e.g., |
| 1125 | {7EE3EFE5-C165-472F-986D-F6FBEDFE8C8D}, instead of including WinPcap |
| 1126 | specific \Device\NPF_ prefix before the GUID; the prefix is still |
| 1127 | allowed for backwards compatibility, but it is not required anymore |
| 1128 | when specifying the interface |
| 1129 | * driver_ndis: re-initialize driver interface is the adapter is removed |
| 1130 | and re-inserted [Bug 159] |
| 1131 | * driver_madwifi: fixed TKIP and CCMP sequence number configuration on |
| 1132 | big endian hosts [Bug 146] |
| 1133 | |
| 1134 | 2006-04-27 - v0.5.3 |
| 1135 | * fixed EAP-GTC response to include correct user identity when run as |
| 1136 | phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2) |
| 1137 | * driver_ndis: Fixed encryption mode configuration for unencrypted |
| 1138 | networks (some NDIS drivers ignored this, but others, e.g., Broadcom, |
| 1139 | refused to associate with open networks) [Bug 106] |
| 1140 | * driver_ndis: use BSSID OID polling to detect when IBSS network is |
| 1141 | formed even when ndis_events code is included since some NDIS drivers |
| 1142 | do not generate media connect events in IBSS mode |
| 1143 | * config_winreg: allow global ctrl_interface parameter to be configured |
| 1144 | in Windows registry |
| 1145 | * config_winreg: added support for saving configuration data into |
| 1146 | Windows registry |
| 1147 | * added support for controlling network device operational state |
| 1148 | (dormant/up) for Linux 2.6.17 to improve DHCP processing (see |
| 1149 | http://www.flamewarmaster.de/software/dhcpclient/ for a DHCP client |
| 1150 | that can use this information) |
| 1151 | * driver_wext: added support for WE-21 change to SSID configuration |
| 1152 | * driver_wext: fixed privacy configuration for static WEP keys mode |
| 1153 | [Bug 140] |
| 1154 | * added an optional driver_ops callback for MLME-SETPROTECTION.request |
| 1155 | primitive |
| 1156 | * added support for EAP-SAKE (no EAP method number allocated yet, so |
| 1157 | this is using the same experimental type 255 as EAP-PSK) |
| 1158 | * added support for dynamically loading EAP methods (.so files) instead |
| 1159 | of requiring them to be statically linked in; this is disabled by |
| 1160 | default (see CONFIG_DYNAMIC_EAP_METHODS in defconfig for information |
| 1161 | on how to use this) |
| 1162 | |
| 1163 | 2006-03-19 - v0.5.2 |
| 1164 | * do not try to use USIM APDUs when initializing PC/SC for SIM card |
| 1165 | access for a network that has not enabled EAP-AKA |
| 1166 | * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in |
| 1167 | v0.5.1 due to the new support for expanded EAP types) |
| 1168 | * added support for generating EAP Expanded Nak |
| 1169 | * try to fetch scan results once before requesting new scan when |
| 1170 | starting up in ap_scan=1 mode (this can speed up initial association |
| 1171 | a lot with, e.g., madwifi-ng driver) |
| 1172 | * added support for receiving EAPOL frames from a Linux bridge |
| 1173 | interface (-bbr0 on command line) |
| 1174 | * fixed EAPOL re-authentication for sessions that used PMKSA caching |
| 1175 | * changed EAP method registration to use a dynamic list of methods |
| 1176 | instead of a static list generated at build time |
| 1177 | * fixed PMKSA cache deinitialization not to use freed memory when |
| 1178 | removing PMKSA entries |
| 1179 | * fixed a memory leak in EAP-TTLS re-authentication |
| 1180 | * reject WPA/WPA2 message 3/4 if it does not include any valid |
| 1181 | WPA/RSN IE |
| 1182 | * driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg |
| 1183 | if the driver does not support SIOCSIWAUTH |
| 1184 | |
| 1185 | 2006-01-29 - v0.5.1 |
| 1186 | * driver_test: added better support for multiple APs and STAs by using |
| 1187 | a directory with sockets that include MAC address for each device in |
| 1188 | the name (driver_param=test_dir=/tmp/test) |
| 1189 | * added support for EAP expanded type (vendor specific EAP methods) |
| 1190 | * added AP_SCAN command into ctrl_iface so that ap_scan configuration |
| 1191 | option can be changed if needed |
| 1192 | * wpa_cli/wpa_gui: skip non-socket files in control directory when |
| 1193 | using UNIX domain sockets; this avoids selecting an incorrect |
| 1194 | interface (e.g., a PID file could be in this directory, even though |
| 1195 | use of this directory for something else than socket files is not |
| 1196 | recommended) |
| 1197 | * fixed TLS library deinitialization after RSN pre-authentication not |
| 1198 | to disable TLS library for normal authentication |
| 1199 | * driver_wext: Remove null-termination from SSID length if the driver |
| 1200 | used it; some Linux drivers do this and they were causing problems in |
| 1201 | wpa_supplicant not finding matching configuration block. This change |
| 1202 | would break a case where the SSID actually ends in '\0', but that is |
| 1203 | not likely to happen in real use. |
| 1204 | * fixed PMKSA cache processing not to trigger deauthentication if the |
| 1205 | current PMKSA cache entry is replaced with a valid new entry |
| 1206 | * fixed PC/SC initialization for ap_scan != 1 modes (this fixes |
| 1207 | EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or |
| 1208 | ap_scan=2) |
| 1209 | |
| 1210 | 2005-12-18 - v0.5.0 (beginning of 0.5.x development releases) |
| 1211 | * added experimental STAKey handshake implementation for IEEE 802.11e |
| 1212 | direct link setup (DLS); note: this is disabled by default in both |
| 1213 | build and runtime configuration (can be enabled with CONFIG_STAKEY=y |
| 1214 | and stakey=1) |
| 1215 | * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to |
| 1216 | decrypt AT_ENCR_DATA attributes correctly |
| 1217 | * fixed EAP-AKA to allow resynchronization within the same session |
| 1218 | * made code closer to ANSI C89 standard to make it easier to port to |
| 1219 | other C libraries and compilers |
| 1220 | * started moving operating system or C library specific functions into |
| 1221 | wrapper functions defined in os.h and implemented in os_*.c to make |
| 1222 | code more portable |
| 1223 | * wpa_supplicant can now be built with Microsoft Visual C++ |
| 1224 | (e.g., with the freely available Toolkit 2003 version or Visual |
| 1225 | C++ 2005 Express Edition and Platform SDK); see nmake.mak for an |
| 1226 | example makefile for nmake |
| 1227 | * added support for using Windows registry for command line parameters |
| 1228 | (CONFIG_MAIN=main_winsvc) and configuration data |
| 1229 | (CONFIG_BACKEND=winreg); see win_example.reg for an example registry |
| 1230 | contents; this version can be run both as a Windows service and as a |
| 1231 | normal application; 'wpasvc.exe app' to start as applicant, |
| 1232 | 'wpasvc.exe reg <full path to wpasvc.exe>' to register a service, |
| 1233 | 'net start wpasvc' to start the service, 'wpasvc.exe unreg' to |
| 1234 | unregister a service |
| 1235 | * made it possible to link ndis_events.exe functionality into |
| 1236 | wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED |
| 1237 | * added better support for multiple control interface backends |
| 1238 | (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported |
| 1239 | * fixed PC/SC code to use correct length for GSM AUTH command buffer |
| 1240 | and to not use pioRecvPci with SCardTransmit() calls; these were not |
| 1241 | causing visible problems with pcsc-lite, but Windows Winscard.dll |
| 1242 | refused the previously used parameters; this fixes EAP-SIM and |
| 1243 | EAP-AKA authentication using SIM/USIM card under Windows |
| 1244 | * added new event loop implementation for Windows using |
| 1245 | WaitForMultipleObject() instead of select() in order to allow waiting |
| 1246 | for non-socket objects; this can be selected with |
| 1247 | CONFIG_ELOOP=eloop_win in .config |
| 1248 | * added support for selecting l2_packet implementation in .config |
| 1249 | (CONFIG_L2_PACKET; following options are available now: linux, pcap, |
| 1250 | winpcap, freebsd, none) |
| 1251 | * added new l2_packet implementation for WinPcap |
| 1252 | (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to |
| 1253 | reduce latency in EAPOL receive processing from about 100 ms to about |
| 1254 | 3 ms |
| 1255 | * added support for EAP-FAST key derivation using other ciphers than |
| 1256 | RC4-128-SHA for authentication and AES128-SHA for provisioning |
| 1257 | * added support for configuring CA certificate as DER file and as a |
| 1258 | configuration blob |
| 1259 | * fixed private key configuration as configuration blob and added |
| 1260 | support for using PKCS#12 as a blob |
| 1261 | * tls_gnutls: added support for using PKCS#12 files; added support for |
| 1262 | session resumption |
| 1263 | * added support for loading trusted CA certificates from Windows |
| 1264 | certificate store: ca_cert="cert_store://<name>", where <name> is |
| 1265 | likely CA (Intermediate CA certificates) or ROOT (root certificates) |
| 1266 | * added C version of ndis_events.cpp and made it possible to build this |
| 1267 | with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more |
| 1268 | easily on cross-compilation builds |
| 1269 | * added wpasvc.exe into Windows binary release; this is an alternative |
| 1270 | version of wpa_supplicant.exe with configuration backend using |
| 1271 | Windows registry and with the entry point designed to run as a |
| 1272 | Windows service |
| 1273 | * integrated ndis_events.exe functionality into wpa_supplicant.exe and |
| 1274 | wpasvc.exe and removed this additional tool from the Windows binary |
| 1275 | release since it is not needed anymore |
| 1276 | * load winscard.dll functions dynamically when building with MinGW |
| 1277 | since MinGW does not yet include winscard library |
| 1278 | |
| 1279 | 2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases) |
| 1280 | * l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap |
| 1281 | and WinPcap to receive frames sent to PAE group address |
| 1282 | * disable EAP state machine when IEEE 802.1X authentication is not used |
| 1283 | in order to get rid of bogus "EAP failed" messages |
| 1284 | * fixed OpenSSL error reporting to go through all pending errors to |
| 1285 | avoid confusing reports of old errors being reported at later point |
| 1286 | during handshake |
| 1287 | * fixed configuration file updating to not write empty variables |
| 1288 | (e.g., proto or key_mgmt) that the file parser would not accept |
| 1289 | * fixed ADD_NETWORK ctrl_iface command to use the same default values |
| 1290 | for variables as empty network definitions read from config file |
| 1291 | would get |
| 1292 | * fixed EAP state machine to not discard EAP-Failure messages in many |
| 1293 | cases (e.g., during TLS handshake) |
| 1294 | * fixed a infinite loop in private key reading if the configured file |
| 1295 | cannot be parsed successfully |
| 1296 | * driver_madwifi: added support for madwifi-ng |
| 1297 | * wpa_gui: do not display password/PSK field contents |
| 1298 | * wpa_gui: added CA certificate configuration |
| 1299 | * driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID |
| 1300 | * driver_ndis: include Beacon IEs in AssocInfo in order to notice if |
| 1301 | the new AP is using different WPA/RSN IE |
| 1302 | * use longer timeout for IEEE 802.11 association to avoid problems with |
| 1303 | drivers that may take more than five second to associate |
| 1304 | |
| 1305 | 2005-10-27 - v0.4.6 |
| 1306 | * allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in |
| 1307 | RSN IE, but WPA IE would match with wpa_supplicant configuration |
| 1308 | * added support for named configuration blobs in order to avoid having |
| 1309 | to use file system for external files (e.g., certificates); |
| 1310 | variables can be set to "blob://<blob name>" instead of file path to |
| 1311 | use a named blob; supported fields: pac_file, client_cert, |
| 1312 | private_key |
| 1313 | * fixed RSN pre-authentication (it was broken in the clean up of WPA |
| 1314 | state machine interface in v0.4.5) |
| 1315 | * driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make |
| 1316 | sure the driver configures broadcast decryption correctly |
| 1317 | * added ca_path (and ca_path2) configuration variables that can be used |
| 1318 | to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the |
| 1319 | system-wide trusted CA list |
| 1320 | * added support for starting wpa_supplicant without a configuration |
| 1321 | file (-C argument must be used to set ctrl_interface parameter for |
| 1322 | this case; in addition, -p argument can be used to provide |
| 1323 | driver_param; these new arguments can also be used with a |
| 1324 | configuration to override the values from the configuration) |
| 1325 | * added global control interface that can be optionally used for adding |
| 1326 | and removing network interfaces dynamically (-g command line argument |
| 1327 | for both wpa_supplicant and wpa_cli) without having to restart |
| 1328 | wpa_supplicant process |
| 1329 | * wpa_gui: |
| 1330 | - try to save configuration whenever something is modified |
| 1331 | - added WEP key configuration |
| 1332 | - added possibility to edit the current network configuration |
| 1333 | * driver_ndis: fixed driver polling not to increase frequency on each |
| 1334 | received EAPOL frame due to incorrectly cancelled timeout |
| 1335 | * added simple configuration file examples (in examples subdirectory) |
| 1336 | * fixed driver_wext.c to filter wireless events based on ifindex to |
| 1337 | avoid interfaces receiving events from other interfaces |
| 1338 | * delay sending initial EAPOL-Start couple of seconds to speed up |
| 1339 | authentication for the most common case of Authenticator starting |
| 1340 | EAP authentication immediately after association |
| 1341 | |
| 1342 | 2005-09-25 - v0.4.5 |
| 1343 | * added a workaround for clearing keys with ndiswrapper to allow |
| 1344 | roaming from WPA enabled AP to plaintext one |
| 1345 | * added docbook documentation (doc/docbook) that can be used to |
| 1346 | generate, e.g., man pages |
| 1347 | * l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for |
| 1348 | PF_PACKET in order to prepare for network devices that do not use |
| 1349 | Ethernet headers (e.g., network stack with native IEEE 802.11 frames) |
| 1350 | * use receipt of EAPOL-Key frame as a lower layer success indication |
| 1351 | for EAP state machine to allow recovery from dropped EAP-Success |
| 1352 | frame |
| 1353 | * cleaned up internal EAPOL frame processing by not including link |
| 1354 | layer (Ethernet) header during WPA and EAPOL/EAP processing; this |
| 1355 | header is added only when transmitted the frame; this makes it easier |
| 1356 | to use wpa_supplicant on link layers that use different header than |
| 1357 | Ethernet |
| 1358 | * updated EAP-PSK to use draft 9 by default since this can now be |
| 1359 | tested with hostapd; removed support for draft 3, including |
| 1360 | server_nai configuration option from network blocks |
| 1361 | * driver_wired: add PAE address to the multicast address list in order |
| 1362 | to be able to receive EAPOL frames with drivers that do not include |
| 1363 | these multicast addresses by default |
| 1364 | * driver_wext: add support for WE-19 |
| 1365 | * added support for multiple configuration backends (CONFIG_BACKEND |
| 1366 | option); currently, only 'file' is supported (i.e., the format used |
| 1367 | in wpa_supplicant.conf) |
| 1368 | * added support for updating configuration ('wpa_cli save_config'); |
| 1369 | this is disabled by default and can be enabled with global |
| 1370 | update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli |
| 1371 | and wpa_gui to store the configuration changes in a permanent store |
| 1372 | * added GET_NETWORK ctrl_iface command |
| 1373 | (e.g., 'wpa_cli get_network 0 ssid') |
| 1374 | |
| 1375 | 2005-08-21 - v0.4.4 |
| 1376 | * replaced OpenSSL patch for EAP-FAST support |
| 1377 | (openssl-tls-extensions.patch) with a more generic and correct |
| 1378 | patch (the new patch is not compatible with the previous one, so the |
| 1379 | OpenSSL library will need to be patched with the new patch in order |
| 1380 | to be able to build wpa_supplicant with EAP-FAST support) |
| 1381 | * added support for using Windows certificate store (through CryptoAPI) |
| 1382 | for client certificate and private key operations (EAP-TLS) |
| 1383 | (see wpa_supplicant.conf for more information on how to configure |
| 1384 | this with private_key) |
| 1385 | * ported wpa_gui to Windows |
| 1386 | * added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be |
| 1387 | built with the open source version of the Qt4 for Windows |
| 1388 | * allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used |
| 1389 | with drivers that do not support WPA |
| 1390 | * ndis_events: fixed Windows 2000 support |
| 1391 | * added support for enabling/disabling networks from the list of all |
| 1392 | configured networks ('wpa_cli enable_network <network id>' and |
| 1393 | 'wpa_cli disable_network <network id>') |
| 1394 | * added support for adding and removing network from the current |
| 1395 | configuration ('wpa_cli add_network' and 'wpa_cli remove_network |
| 1396 | <network id>'); added networks are disabled by default and they can |
| 1397 | be enabled with enable_network command once the configuration is done |
| 1398 | for the new network; note: configuration file is not yet updated, so |
| 1399 | these new networks are lost when wpa_supplicant is restarted |
| 1400 | * added support for setting network configuration parameters through |
| 1401 | the control interface, for example: |
| 1402 | wpa_cli set_network 0 ssid "\"my network\"" |
| 1403 | * fixed parsing of strings that include both " and # within double |
| 1404 | quoted area (e.g., "start"#end") |
| 1405 | * added EAP workaround for PEAP session resumption: allow outer, |
| 1406 | i.e., not tunneled, EAP-Success to terminate session since; this can |
| 1407 | be disabled with eap_workaround=0 |
| 1408 | (this was allowed for PEAPv1 before, but now it is also allowed for |
| 1409 | PEAPv0 since at least one RADIUS authentication server seems to be |
| 1410 | doing this for PEAPv0, too) |
| 1411 | * wpa_gui: added preliminary support for adding new networks to the |
| 1412 | wpa_supplicant configuration (double click on the scan results to |
| 1413 | open network configuration) |
| 1414 | |
| 1415 | 2005-06-26 - v0.4.3 |
| 1416 | * removed interface for external EAPOL/EAP supplicant (e.g., |
| 1417 | Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required |
| 1418 | anymore and is unlikely to be used by anyone |
| 1419 | * driver_ndis: fixed WinPcap 3.0 support |
| 1420 | * fixed build with CONFIG_DNET_PCAP=y on Linux |
| 1421 | * l2_packet: moved different implementations into separate files |
| 1422 | (l2_packet_*.c) |
| 1423 | |
| 1424 | 2005-06-12 - v0.4.2 |
| 1425 | * driver_ipw: updated driver structures to match with ipw2200-1.0.4 |
| 1426 | (note: ipw2100-1.1.0 is likely to require an update to work with |
| 1427 | this) |
| 1428 | * added support for using ap_scan=2 mode with multiple network blocks; |
| 1429 | wpa_supplicant will go through the networks one by one until the |
| 1430 | driver reports a successful association; this uses the same order for |
| 1431 | networks as scan_ssid=1 scans, i.e., the priority field is ignored |
| 1432 | and the network block order in the file is used instead |
| 1433 | * fixed a potential issue in RSN pre-authentication ending up using |
| 1434 | freed memory if pre-authentication times out |
| 1435 | * added support for matching alternative subject name extensions of the |
| 1436 | authentication server certificate; new configuration variables |
| 1437 | altsubject_match and altsubject_match2 |
| 1438 | * driver_ndis: added support for IEEE 802.1X authentication with wired |
| 1439 | NDIS drivers |
| 1440 | * added support for querying private key password (EAP-TLS) through the |
| 1441 | control interface (wpa_cli/wpa_gui) if one is not included in the |
| 1442 | configuration file |
| 1443 | * driver_broadcom: fixed couple of memory leaks in scan result |
| 1444 | processing |
| 1445 | * EAP-PAX is now registered as EAP type 46 |
| 1446 | * fixed EAP-PAX MAC calculation |
| 1447 | * fixed EAP-PAX CK and ICK key derivation |
| 1448 | * added support for using password with EAP-PAX (as an alternative to |
| 1449 | entering key with eappsk); SHA-1 hash of the password will be used as |
| 1450 | the key in this case |
| 1451 | * added support for arbitrary driver interface parameters through the |
| 1452 | configuration file with a new driver_param field; this adds a new |
| 1453 | driver_ops function set_param() |
| 1454 | * added possibility to override l2_packet module with driver interface |
| 1455 | API (new send_eapol handler); this can be used to implement driver |
| 1456 | specific TX/RX functions for EAPOL frames |
| 1457 | * fixed ctrl_interface_group processing for the case where gid is |
| 1458 | entered as a number, not group name |
| 1459 | * driver_test: added support for testing hostapd with wpa_supplicant |
| 1460 | by using test driver interface without any kernel drivers or network |
| 1461 | cards |
| 1462 | |
| 1463 | 2005-05-22 - v0.4.1 |
| 1464 | * driver_madwifi: fixed WPA/WPA2 mode configuration to allow EAPOL |
| 1465 | packets to be encrypted; this was apparently broken by the changed |
| 1466 | ioctl order in v0.4.0 |
| 1467 | * driver_madwifi: added preliminary support for compiling against 'BSD' |
| 1468 | branch of madwifi CVS tree |
| 1469 | * added support for EAP-MSCHAPv2 password retries within the same EAP |
| 1470 | authentication session |
| 1471 | * added support for password changes with EAP-MSCHAPv2 (used when the |
| 1472 | password has expired) |
| 1473 | * added support for reading additional certificates from PKCS#12 files |
| 1474 | and adding them to the certificate chain |
| 1475 | * fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys |
| 1476 | were used |
| 1477 | * fixed a possible double free in EAP-TTLS fast-reauthentication when |
| 1478 | identity or password is entered through control interface |
| 1479 | * display EAP Notification messages to user through control interface |
| 1480 | with "CTRL-EVENT-EAP-NOTIFICATION" prefix |
| 1481 | * added GUI version of wpa_cli, wpa_gui; this is not build |
| 1482 | automatically with 'make'; use 'make wpa_gui' to build (this requires |
| 1483 | Qt development tools) |
| 1484 | * added 'disconnect' command to control interface for setting |
| 1485 | wpa_supplicant in state where it will not associate before |
| 1486 | 'reassociate' command has been used |
| 1487 | * added support for selecting a network from the list of all configured |
| 1488 | networks ('wpa_cli select_network <network id>'; this disabled all |
| 1489 | other networks; to re-enable, 'wpa_cli select_network any') |
| 1490 | * added support for getting scan results through control interface |
| 1491 | * added EAP workaround for PEAPv1 session resumption: allow outer, |
| 1492 | i.e., not tunneled, EAP-Success to terminate session since; this can |
| 1493 | be disabled with eap_workaround=0 |
| 1494 | |
| 1495 | 2005-04-25 - v0.4.0 (beginning of 0.4.x development releases) |
| 1496 | * added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be |
| 1497 | used to reduce the size of the wpa_supplicant considerably if |
| 1498 | debugging code is not needed |
| 1499 | * fixed EAPOL-Key validation to drop packets with invalid Key Data |
| 1500 | Length; such frames could have crashed wpa_supplicant due to buffer |
| 1501 | overflow |
| 1502 | * added support for wired authentication (IEEE 802.1X on wired |
| 1503 | Ethernet); driver interface 'wired' |
| 1504 | * obsoleted set_wpa() handler in the driver interface API (it can be |
| 1505 | replaced by moving enable/disable functionality into init()/deinit()) |
| 1506 | (calls to set_wpa() are still present for backwards compatibility, |
| 1507 | but they may be removed in the future) |
| 1508 | * driver_madwifi: fixed association in plaintext mode |
| 1509 | * modified the EAP workaround that accepts EAP-Success with incorrect |
| 1510 | Identifier to be even less strict about verification in order to |
| 1511 | interoperate with some authentication servers |
| 1512 | * added support for sending TLS alerts |
| 1513 | * added support for 'any' SSID wildcard; if ssid is not configured or |
| 1514 | is set to an empty string, any SSID will be accepted for non-WPA AP |
| 1515 | * added support for asking PIN (for SIM) from frontends (e.g., |
| 1516 | wpa_cli); if a PIN is needed, but not included in the configuration |
| 1517 | file, a control interface request is sent and EAP processing is |
| 1518 | delayed until the PIN is available |
| 1519 | * added support for using external devices (e.g., a smartcard) for |
| 1520 | private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config); |
| 1521 | new wpa_supplicant.conf variables: |
| 1522 | - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path |
| 1523 | - network: engine, engine_id, key_id |
| 1524 | * added experimental support for EAP-PAX |
| 1525 | * added monitor mode for wpa_cli (-a<path to a program to run>) that |
| 1526 | allows external commands (e.g., shell scripts) to be run based on |
| 1527 | wpa_supplicant events, e.g., when authentication has been completed |
| 1528 | and data connection is ready; other related wpa_cli arguments: |
| 1529 | -B (run in background), -P (write PID file); wpa_supplicant has a new |
| 1530 | command line argument (-W) that can be used to make it wait until a |
| 1531 | control interface command is received in order to avoid missing |
| 1532 | events |
| 1533 | * added support for opportunistic WPA2 PMKSA key caching (disabled by |
| 1534 | default, can be enabled with proactive_key_caching=1) |
| 1535 | * fixed RSN IE in 4-Way Handshake message 2/4 for the case where |
| 1536 | Authenticator rejects PMKSA caching attempt and the driver is not |
| 1537 | using assoc_info events |
| 1538 | * added -P<pid file> argument for wpa_supplicant to write the current |
| 1539 | process id into a file |
| 1540 | |
| 1541 | 2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases) |
| 1542 | * added new phase1 option parameter, include_tls_length=1, to force |
| 1543 | wpa_supplicant to add TLS Message Length field to all TLS messages |
| 1544 | even if the packet is not fragmented; this may be needed with some |
| 1545 | authentication servers |
| 1546 | * fixed WPA/RSN IE verification in message 3 of 4-Way Handshake when |
| 1547 | using drivers that take care of AP selection (e.g., when using |
| 1548 | ap_scan=2) |
| 1549 | * fixed reprocessing of pending request after ctrl_iface requests for |
| 1550 | identity/password/otp |
| 1551 | * fixed ctrl_iface requests for identity/password/otp in Phase 2 of |
| 1552 | EAP-PEAP and EAP-TTLS |
| 1553 | * all drivers using driver_wext: set interface up and select Managed |
| 1554 | mode when starting wpa_supplicant; set interface down when exiting |
| 1555 | * renamed driver_ipw2100.c to driver_ipw.c since it now supports both |
| 1556 | ipw2100 and ipw2200; please note that this also changed the |
| 1557 | configuration variable in .config to CONFIG_DRIVER_IPW |
| 1558 | |
| 1559 | 2005-01-24 - v0.3.6 |
| 1560 | * fixed a busy loop introduced in v0.3.5 for scan result processing |
| 1561 | when no matching AP is found |
| 1562 | |
| 1563 | 2005-01-23 - v0.3.5 |
| 1564 | * added a workaround for an interoperability issue with a Cisco AP |
| 1565 | when using WPA2-PSK |
| 1566 | * fixed non-WPA IEEE 802.1X to use the same authentication timeout as |
| 1567 | WPA with IEEE 802.1X (i.e., timeout 10 -> 70 sec to allow |
| 1568 | retransmission of dropped frames) |
| 1569 | * fixed issues with 64-bit CPUs and SHA1 cleanup in previous version |
| 1570 | (e.g., segfault when processing EAPOL-Key frames) |
| 1571 | * fixed EAP workaround and fast reauthentication configuration for |
| 1572 | RSN pre-authentication; previously these were disabled and |
| 1573 | pre-authentication would fail if the used authentication server |
| 1574 | requires EAP workarounds |
| 1575 | * added support for blacklisting APs that fail or timeout |
| 1576 | authentication in ap_scan=1 mode so that all APs are tried in cases |
| 1577 | where the ones with strongest signal level are failing authentication |
| 1578 | * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS |
| 1579 | authentication attempt |
| 1580 | * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded |
| 1581 | in the previous authentication (previously, only Phase 1 success was |
| 1582 | verified) |
| 1583 | |
| 1584 | 2005-01-09 - v0.3.4 |
| 1585 | * added preliminary support for IBSS (ad-hoc) mode configuration |
| 1586 | (mode=1 in network block); this included a new key_mgmt mode |
| 1587 | WPA-NONE, i.e., TKIP or CCMP with a fixed key (based on psk) and no |
| 1588 | key management; see wpa_supplicant.conf for more details and an |
| 1589 | example on how to configure this (note: this is currently implemented |
| 1590 | only for driver_hostapd.c, but the changes should be trivial to add |
| 1591 | in associate() handler for other drivers, too (assuming the driver |
| 1592 | supports WPA-None) |
| 1593 | * added preliminary port for native Windows (i.e., no cygwin) using |
| 1594 | mingw |
| 1595 | |
| 1596 | 2005-01-02 - v0.3.3 |
| 1597 | * added optional support for GNU Readline and History Libraries for |
| 1598 | wpa_cli (CONFIG_READLINE) |
| 1599 | * cleaned up EAP state machine <-> method interface and number of |
| 1600 | small problems with error case processing not terminating on |
| 1601 | EAP-Failure but waiting for timeout |
| 1602 | * added couple of workarounds for interoperability issues with a |
| 1603 | Cisco AP when using WPA2 |
| 1604 | * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt); |
| 1605 | Note: This requires a patch for openssl to add support for TLS |
| 1606 | extensions and number of workarounds for operations without |
| 1607 | certificates. Proof of concept type of experimental patch is |
| 1608 | included in openssl-tls-extensions.patch. |
| 1609 | |
| 1610 | 2004-12-19 - v0.3.2 |
| 1611 | * fixed private key loading for cases where passphrase is not set |
| 1612 | * fixed Windows/cygwin L2 packet handler freeing; previous version |
| 1613 | could cause a segfault when RSN pre-authentication was completed |
| 1614 | * added support for PMKSA caching with drivers that generate RSN IEs |
| 1615 | (e.g., NDIS); currently, this is only implemented in driver_ndis.c, |
| 1616 | but similar code can be easily added to driver_ndiswrapper.c once |
| 1617 | ndiswrapper gets full support for RSN PMKSA caching |
| 1618 | * improved recovery from PMKID mismatches by requesting full EAP |
| 1619 | authentication in case of failed PMKSA caching attempt |
| 1620 | * driver_ndis: added support for NDIS NdisMIncidateStatus() events |
| 1621 | (this requires that ndis_events is ran while wpa_supplicant is |
| 1622 | running) |
| 1623 | * driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys |
| 1624 | * added support for driver interfaces to replace the interface name |
| 1625 | based on driver/OS specific mapping, e.g., in case of driver_ndis, |
| 1626 | this allows the beginning of the adapter description to be used as |
| 1627 | the interface name |
| 1628 | * added support for CR+LF (Windows-style) line ends in configuration |
| 1629 | file |
| 1630 | * driver_ndis: enable radio before starting scanning, disable radio |
| 1631 | when exiting |
| 1632 | * modified association event handler to set portEnabled = FALSE before |
| 1633 | clearing port Valid in order to reset EAP state machine and avoid |
| 1634 | problems with new authentication getting ignored because of state |
| 1635 | machines ending up in AUTHENTICATED/SUCCESS state based on old |
| 1636 | information |
| 1637 | * added support for driver events to add PMKID candidates in order to |
| 1638 | allow drivers to give priority to most likely roaming candidates |
| 1639 | * driver_hostap: moved PrivacyInvoked configuration to associate() |
| 1640 | function so that this will not be set for plaintext connections |
| 1641 | * added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that driver |
| 1642 | interface can distinguish plaintext and IEEE 802.1X (no WPA) |
| 1643 | authentication |
| 1644 | * fixed static WEP key configuration to use broadcast/default type for |
| 1645 | all keys (previously, the default TX key was configured as pairwise/ |
| 1646 | unicast key) |
| 1647 | * driver_ndis: added legacy WPA capability detection for non-WPA2 |
| 1648 | drivers |
| 1649 | * added support for setting static WEP keys for IEEE 802.1X without |
| 1650 | dynamic WEP keying (eapol_flags=0) |
| 1651 | |
| 1652 | 2004-12-12 - v0.3.1 |
| 1653 | * added support for reading PKCS#12 (PFX) files (as a replacement for |
| 1654 | PEM/DER) to get certificate and private key (CONFIG_PKCS12) |
| 1655 | * fixed compilation with CONFIG_PCSC=y |
| 1656 | * added new ap_scan mode, ap_scan=2, for drivers that take care of |
| 1657 | association, but need to be configured with security policy and SSID, |
| 1658 | e.g., ndiswrapper and NDIS driver; this mode should allow such |
| 1659 | drivers to work with hidden SSIDs and optimized roaming; when |
| 1660 | ap_scan=2 is used, only the first network block in the configuration |
| 1661 | file is used and this configuration should have explicit security |
| 1662 | policy (i.e., only one option in the lists) for key_mgmt, pairwise, |
| 1663 | group, proto variables |
| 1664 | * added experimental port of wpa_supplicant for Windows |
| 1665 | - driver_ndis.c driver interface (NDIS OIDs) |
| 1666 | - currently, this requires cygwin and WinPcap |
| 1667 | - small utility, win_if_list, can be used to get interface name |
| 1668 | * control interface can now be removed at build time; add |
| 1669 | CONFIG_CTRL_IFACE=y to .config to maintain old functionality |
| 1670 | * optional Xsupplicant interface can now be removed at build time; |
| 1671 | (CONFIG_XSUPPLICANT_IFACE=y in .config to bring it back) |
| 1672 | * added auth_alg to driver interface associate() parameters to make it |
| 1673 | easier for drivers to configure authentication algorithm as part of |
| 1674 | the association |
| 1675 | |
| 1676 | 2004-12-05 - v0.3.0 (beginning of 0.3.x development releases) |
| 1677 | * driver_broadcom: added new driver interface for Broadcom wl.o driver |
| 1678 | (a generic driver for Broadcom IEEE 802.11a/g cards) |
| 1679 | * wpa_cli: fixed parsing of -p <path> command line argument |
| 1680 | * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS |
| 1681 | ACK, not tunneled EAP-Success (of which only the first byte was |
| 1682 | actually send due to a bug in previous code); this seems to |
| 1683 | interoperate with most RADIUS servers that implements PEAPv1 |
| 1684 | * PEAPv1: added support for terminating PEAP authentication on tunneled |
| 1685 | EAP-Success message; this can be configured by adding |
| 1686 | peap_outer_success=0 on phase1 parameters in wpa_supplicant.conf |
| 1687 | (some RADIUS servers require this whereas others require a tunneled |
| 1688 | reply |
| 1689 | * PEAPv1: changed phase1 option peaplabel to use default to 0, i.e., to |
| 1690 | the old label for key derivation; previously, the default was 1, |
| 1691 | but it looks like most existing PEAPv1 implementations use the old |
| 1692 | label which is thus more suitable default option |
| 1693 | * added support for EAP-PSK (draft-bersani-eap-psk-03.txt) |
| 1694 | * fixed parsing of wep_tx_keyidx |
| 1695 | * added support for configuring list of allowed Phase 2 EAP types |
| 1696 | (for both EAP-PEAP and EAP-TTLS) instead of only one type |
| 1697 | * added support for configuring IEEE 802.11 authentication algorithm |
| 1698 | (auth_alg; mainly for using Shared Key authentication with static |
| 1699 | WEP keys) |
| 1700 | * added support for EAP-AKA (with UMTS SIM) |
| 1701 | * fixed couple of errors in PCSC handling that could have caused |
| 1702 | random-looking errors for EAP-SIM |
| 1703 | * added support for EAP-SIM pseudonyms and fast re-authentication |
| 1704 | * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS |
| 1705 | session resumption) |
| 1706 | * added support for EAP-SIM with two challanges |
| 1707 | (phase1="sim_min_num_chal=3" can be used to require three challenges) |
| 1708 | * added support for configuring DH/DSA parameters for an ephemeral DH |
| 1709 | key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters |
| 1710 | dh_file and dh_file2 (phase 2); this adds support for using DSA keys |
| 1711 | and optional DH key exchange to achieve forward secracy with RSA keys |
| 1712 | * added support for matching subject of the authentication server |
| 1713 | certificate with a substring when using EAP-TLS/PEAP/TTLS; new |
| 1714 | configuration variables subject_match and subject_match2 |
| 1715 | * changed SSID configuration in driver_wext.c (used by many driver |
| 1716 | interfaces) to use ssid_len+1 as the length for SSID since some Linux |
| 1717 | drivers expect this |
| 1718 | * fixed couple of unaligned reads in scan result parsing to fix WPA |
| 1719 | connection on some platforms (e.g., ARM) |
| 1720 | * added driver interface for Intel ipw2100 driver |
| 1721 | * added support for LEAP with WPA |
| 1722 | * added support for larger scan results report (old limit was 4 kB of |
| 1723 | data, i.e., about 35 or so APs) when using Linux wireless extensions |
| 1724 | v17 or newer |
| 1725 | * fixed a bug in PMKSA cache processing: skip sending of EAPOL-Start |
| 1726 | only if there is a PMKSA cache entry for the current AP |
| 1727 | * fixed error handling for case where reading of scan results fails: |
| 1728 | must schedule a new scan or wpa_supplicant will remain waiting |
| 1729 | forever |
| 1730 | * changed debug output to remove shared password/key material by |
| 1731 | default; all key information can be included with -K command line |
| 1732 | argument to match the previous behavior |
| 1733 | * added support for timestamping debug log messages (disabled by |
| 1734 | default, can be enabled with -t command line argument) |
| 1735 | * set pairwise/group cipher suite for non-WPA IEEE 802.1X to WEP-104 |
| 1736 | if keys are not configured to be used; this fixes IEEE 802.1X mode |
| 1737 | with drivers that use this information to configure whether Privacy |
| 1738 | bit can be in Beacon frames (e.g., ndiswrapper) |
| 1739 | * avoid clearing driver keys if no keys have been configured since last |
| 1740 | key clear request; this seems to improve reliability of group key |
| 1741 | handshake for ndiswrapper & NDIS driver which seems to be suffering |
| 1742 | of some kind of timing issue when the keys are cleared again after |
| 1743 | association |
| 1744 | * changed driver interface API: |
| 1745 | - WPA_SUPPLICANT_DRIVER_VERSION define can be used to determine which |
| 1746 | version is being used (now, this is set to 2; previously, it was |
| 1747 | not defined) |
| 1748 | - pass pointer to private data structure to all calls |
| 1749 | - the new API is not backwards compatible; all in-tree driver |
| 1750 | interfaces has been converted to the new API |
| 1751 | * added support for controlling multiple interfaces (radios) per |
| 1752 | wpa_supplicant process; each interface needs to be listed on the |
| 1753 | command line (-c, -i, -D arguments) with -N as a separator |
| 1754 | (-cwpa1.conf -iwlan0 -Dhostap -N -cwpa2.conf -iath0 -Dmadwifi) |
| 1755 | * added a workaround for EAP servers that incorrectly use same Id for |
| 1756 | sequential EAP packets |
| 1757 | * changed libpcap/libdnet configuration to use .config variable, |
| 1758 | CONFIG_DNET_PCAP, instead of requiring Makefile modification |
| 1759 | * improved downgrade attack detection in IE verification of msg 3/4: |
| 1760 | verify both WPA and RSN IEs, if present, not only the selected one; |
| 1761 | reject the AP if an RSN IE is found in msg 3/4, but not in Beacon or |
| 1762 | Probe Response frame, and RSN is enabled in wpa_supplicant |
| 1763 | configuration |
| 1764 | * fixed WPA msg 3/4 processing to allow Key Data field contain other |
| 1765 | IEs than just one WPA IE |
| 1766 | * added support for FreeBSD and driver interface for the BSD net80211 |
| 1767 | layer (CONFIG_DRIVER_BSD=y in .config); please note that some of the |
| 1768 | required kernel mods have not yet been committed |
| 1769 | * made EAP workarounds configurable; enabled by default, can be |
| 1770 | disabled with network block option eap_workaround=0 |
| 1771 | |
| 1772 | 2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases) |
| 1773 | * resolved couple of interoperability issues with EAP-PEAPv1 and |
| 1774 | Phase 2 (inner EAP) fragment reassembly |
| 1775 | * driver_madwifi: fixed WEP key configuration for IEEE 802.1X when the |
| 1776 | AP is using non-zero key index for the unicast key and key index zero |
| 1777 | for the broadcast key |
| 1778 | * driver_hostap: fixed IEEE 802.1X WEP key updates and |
| 1779 | re-authentication by allowing unencrypted EAPOL frames when not using |
| 1780 | WPA |
| 1781 | * added a new driver interface, 'wext', which uses only standard, |
| 1782 | driver independent functionality in Linux wireless extensions; |
| 1783 | currently, this can be used only for non-WPA IEEE 802.1X mode, but |
| 1784 | eventually, this is to be extended to support full WPA/WPA2 once |
| 1785 | Linux wireless extensions get support for this |
| 1786 | * added support for mode in which the driver is responsible for AP |
| 1787 | scanning and selection; this is disabled by default and can be |
| 1788 | enabled with global ap_scan=0 variable in wpa_supplicant.conf; |
| 1789 | this mode can be used, e.g., with generic 'wext' driver interface to |
| 1790 | use wpa_supplicant as IEEE 802.1X Supplicant with any Linux driver |
| 1791 | supporting wireless extensions. |
| 1792 | * driver_madwifi: fixed WPA2 configuration and scan_ssid=1 (e.g., |
| 1793 | operation with an AP that does not include SSID in the Beacon frames) |
| 1794 | * added support for new EAP authentication methods: |
| 1795 | EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP |
| 1796 | * added support for asking one-time-passwords from frontends (e.g., |
| 1797 | wpa_cli); this 'otp' command works otherwise like 'password' command, |
| 1798 | but the password is used only once and the frontend will be asked for |
| 1799 | a new password whenever a request from authenticator requires a |
| 1800 | password; this can be used with both EAP-OTP and EAP-GTC |
| 1801 | * changed wpa_cli to automatically re-establish connection so that it |
| 1802 | does not need to be re-started when wpa_supplicant is terminated and |
| 1803 | started again |
| 1804 | * improved user data (identity/password/otp) requests through |
| 1805 | frontends: process pending EAPOL packets after getting new |
| 1806 | information so that full authentication does not need to be |
| 1807 | restarted; in addition, send pending requests again whenever a new |
| 1808 | frontend is attached |
| 1809 | * changed control frontends to use a new directory for socket files to |
| 1810 | make it easier for wpa_cli to automatically select between interfaces |
| 1811 | and to provide access control for the control interface; |
| 1812 | wpa_supplicant.conf: ctrl_interface is now a path |
| 1813 | (/var/run/wpa_supplicant is the recommended path) and |
| 1814 | ctrl_interface_group can be used to select which group gets access to |
| 1815 | the control interface; |
| 1816 | wpa_cli: by default, try to connect to the first interface available |
| 1817 | in /var/run/wpa_supplicant; this path can be overriden with -p option |
| 1818 | and an interface can be selected with -i option (i.e., in most common |
| 1819 | cases, wpa_cli does not need to get any arguments) |
| 1820 | * added support for LEAP |
| 1821 | * added driver interface for Linux ndiswrapper |
| 1822 | * added priority option for network blocks in the configuration file; |
| 1823 | this allows networks to be grouped based on priority (the scan |
| 1824 | results are searched for matches with network blocks in this order) |
| 1825 | |
| 1826 | 2004-06-20 - v0.2.3 |
| 1827 | * sort scan results to improve AP selection |
| 1828 | * fixed control interface socket removal for some error cases |
| 1829 | * improved scan requesting and authentication timeout |
| 1830 | * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and |
| 1831 | TLS processing |
| 1832 | * PEAP version can now be forced with phase1="peapver=<ver>" |
| 1833 | (mostly for testing; by default, the highest version supported by |
| 1834 | both the Supplicant and Authentication Server is selected |
| 1835 | automatically) |
| 1836 | * added support for madwifi driver (Atheros ar521x) |
| 1837 | * added a workaround for cases where AP sets Install Tx/Rx bit for |
| 1838 | WPA Group Key messages when pairwise keys are used (without this, |
| 1839 | the Group Key would be used for Tx and the AP would drop frames |
| 1840 | from the station) |
| 1841 | * added GSM SIM/USIM interface for GSM authentication algorithm for |
| 1842 | EAP-SIM; this requires pcsc-lite |
| 1843 | * added support for ATMEL AT76C5XXx driver |
| 1844 | * fixed IEEE 802.1X WEP key derivation in the case where Authenticator |
| 1845 | does not include key data in the EAPOL-Key frame (i.e., part of |
| 1846 | EAP keying material is used as data encryption key) |
| 1847 | * added support for using plaintext and static WEP networks |
| 1848 | (key_mgmt=NONE) |
| 1849 | |
| 1850 | 2004-05-31 - v0.2.2 |
| 1851 | * added support for new EAP authentication methods: |
| 1852 | EAP-TTLS/EAP-MD5-Challenge |
| 1853 | EAP-TTLS/EAP-GTC |
| 1854 | EAP-TTLS/EAP-MSCHAPv2 |
| 1855 | EAP-TTLS/EAP-TLS |
| 1856 | EAP-TTLS/MSCHAPv2 |
| 1857 | EAP-TTLS/MSCHAP |
| 1858 | EAP-TTLS/PAP |
| 1859 | EAP-TTLS/CHAP |
| 1860 | EAP-PEAP/TLS |
| 1861 | EAP-PEAP/GTC |
| 1862 | EAP-PEAP/MD5-Challenge |
| 1863 | EAP-GTC |
| 1864 | EAP-SIM (not yet complete; needs GSM/SIM authentication interface) |
| 1865 | * added support for anonymous identity (to be used when identity is |
| 1866 | sent in plaintext; real identity will be used within TLS protected |
| 1867 | tunnel (e.g., with EAP-TTLS) |
| 1868 | * added event messages from wpa_supplicant to frontends, e.g., wpa_cli |
| 1869 | * added support for requesting identity and password information using |
| 1870 | control interface; in other words, the password for EAP-PEAP or |
| 1871 | EAP-TTLS does not need to be included in the configuration file since |
| 1872 | a frontand (e.g., wpa_cli) can ask it from the user |
| 1873 | * improved RSN pre-authentication to use a candidate list and process |
| 1874 | all candidates from each scan; not only one per scan |
| 1875 | * fixed RSN IE and WPA IE capabilities field parsing |
| 1876 | * ignore Tx bit in GTK IE when Pairwise keys are used |
| 1877 | * avoid making new scan requests during IEEE 802.1X negotiation |
| 1878 | * use openssl/libcrypto for MD5 and SHA-1 when compiling wpa_supplicant |
| 1879 | with TLS support (this replaces the included implementation with |
| 1880 | library code to save about 8 kB since the library code is needed |
| 1881 | anyway for TLS) |
| 1882 | * fixed WPA-PSK only mode when compiled without IEEE 802.1X support |
| 1883 | (i.e., without CONFIG_IEEE8021X_EAPOL=y in .config) |
| 1884 | |
| 1885 | 2004-05-06 - v0.2.1 |
| 1886 | * added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1) |
| 1887 | Supplicant |
| 1888 | - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1] |
| 1889 | - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf] |
| 1890 | - EAP-MD5 (cannot be used with WPA-RADIUS) |
| 1891 | [draft-ietf-eap-rfc2284bis-09.txt] |
| 1892 | - EAP-TLS [RFC 2716] |
| 1893 | - EAP-MSCHAPv2 (currently used only with EAP-PEAP) |
| 1894 | - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt] |
| 1895 | [draft-kamath-pppext-eap-mschapv2-00.txt] |
| 1896 | (PEAP version 0, 1, and parts of 2; only 0 and 1 are enabled by |
| 1897 | default; tested with FreeRADIUS, Microsoft IAS, and Funk Odyssey) |
| 1898 | - new configuration file options: eap, identity, password, ca_cert, |
| 1899 | client_cert, privatekey, private_key_passwd |
| 1900 | - Xsupplicant is not required anymore, but it can be used by |
| 1901 | disabling the internal IEEE 802.1X Supplicant with -e command line |
| 1902 | option |
| 1903 | - this code is not included in the default build; Makefile need to |
| 1904 | be edited for this (uncomment lines for selected functionality) |
| 1905 | - EAP-TLS and EAP-PEAP require openssl libraries |
| 1906 | * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..) |
| 1907 | * added support for non-WPA IEEE 802.1X mode with dynamic WEP keys |
| 1908 | (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X |
| 1909 | EAPOL-Key frames instead of WPA key handshakes) |
| 1910 | * added support for IEEE 802.11i/RSN (WPA2) |
| 1911 | - improved PTK Key Handshake |
| 1912 | - PMKSA caching, pre-authentication |
| 1913 | * fixed wpa_supplicant to ignore possible extra data after WPA |
| 1914 | EAPOL-Key packets (this fixes 'Invalid EAPOL-Key MIC when using |
| 1915 | TPTK' error from message 3 of 4-Way Handshake in case the AP |
| 1916 | includes extra data after the EAPOL-Key) |
| 1917 | * added interface for external programs (frontends) to control |
| 1918 | wpa_supplicant |
| 1919 | - CLI example (wpa_cli) with interactive mode and command line |
| 1920 | mode |
| 1921 | - replaced SIGUSR1 status/statistics with the new control interface |
| 1922 | * made some feature compile time configurable |
| 1923 | - .config file for make |
| 1924 | - driver interfaces (hostap, hermes, ..) |
| 1925 | - EAPOL/EAP functions |
| 1926 | |
| 1927 | 2004-02-15 - v0.2.0 |
| 1928 | * Initial version of wpa_supplicant |