Merge wpa_supplicant and hostapd 0.7.3.

1 files changed, 51 insertions, 3 deletions

diff --git a/contrib/wpa/wpa_supplicant/wpa_supplicant.conf b/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
index f5143c8bc7a4..1b175adfc13e 100644
--- a/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
+++ b/contrib/wpa/wpa_supplicant/wpa_supplicant.conf
@@ -78,7 +78,9 @@ eapol_version=1
 # allow the driver to take care of AP scanning and selection and use
 # wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
 # information from the driver.
-# 1: wpa_supplicant initiates scanning and AP selection
+# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
+#    the currently enabled networks are found, a new network (IBSS or AP mode
+#    operation) may be initialized (if configured) (default)
 # 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
 #    parameters (e.g., WPA IE generation); this mode can also be used with
 #    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
@@ -93,6 +95,10 @@ eapol_version=1
 #    key_mgmt, pairwise, group, proto variables
 #
 # For use in FreeBSD with the wlan module ap_scan must be set to 1.
+# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
+# created immediately regardless of scan results. ap_scan=1 mode will first try
+# to scan for existing networks and only if no matches with the enabled
+# networks are found, a new IBSS or AP mode network is created.
 ap_scan=1
 
 # EAP fast re-authentication
@@ -181,6 +187,12 @@ fast_reauth=1
 # 4-octet operating system version number (hex string)
 #os_version=01020300
 
+# Config Methods
+# List of the supported configuration methods
+# Available methods: usba ethernet label display ext_nfc_token int_nfc_token
+#	nfc_interface push_button keypad
+#config_methods=label display push_button keypad
+
 # Credential processing
 #   0 = process received credentials internally (default)
 #   1 = do not process received credentials; just pass them over ctrl_iface to
@@ -189,6 +201,20 @@ fast_reauth=1
 #	to external program(s)
 #wps_cred_processing=0
 
+# Maximum number of BSS entries to keep in memory
+# Default: 200
+# This can be used to limit memory use on the BSS entries (cached scan
+# results). A larger value may be needed in environments that have huge number
+# of APs when using ap_scan=1 mode.
+#bss_max_count=200
+
+
+# filter_ssids - SSID-based scan result filtering
+# 0 = do not filter scan results (default)
+# 1 = only include configured SSIDs in scan results/BSS table
+#filter_ssids=0
+
+
 # network block
 #
 # Each network (usually AP's sharing the same SSID) is configured as a separate
@@ -233,9 +259,10 @@ fast_reauth=1
 # mode: IEEE 802.11 operation mode
 # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
 # 1 = IBSS (ad-hoc, peer-to-peer)
+# 2 = AP (access point)
 # Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
-# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
-# to be set to 2 for IBSS. WPA-None requires following network block options:
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). WPA-None requires
+# following network block options:
 # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
 # both), and psk must also be set.
 #
@@ -246,6 +273,17 @@ fast_reauth=1
 # an IBSS network with the configured SSID is already present, the frequency of
 # the network will be used instead of this configured value.
 #
+# scan_freq: List of frequencies to scan
+# Space-separated list of frequencies in MHz to scan when searching for this
+# BSS. If the subset of channels used by the network is known, this option can
+# be used to optimize scanning to not occur on channels that the network does
+# not use. Example: scan_freq=2412 2437 2462
+#
+# freq_list: Array of allowed frequencies
+# Space-separated list of frequencies in MHz to allow for selecting the BSS. If
+# set, scan results that do not match any of the specified frequencies are not
+# considered when selecting a BSS.
+#
 # proto: list of accepted protocols
 # WPA = WPA/IEEE 802.11i/D3.0
 # RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
@@ -362,6 +400,16 @@ fast_reauth=1
 #	a trusted CA certificate should always be configured when using
 #	EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
 #	change when wpa_supplicant is run in the background.
+#
+#	Alternatively, this can be used to only perform matching of the server
+#	certificate (SHA-256 hash of the DER encoded X.509 certificate). In
+#	this case, the possible CA certificates in the server certificate chain
+#	are ignored and only the server certificate is verified. This is
+#	configured with the following format:
+#	hash:://server/sha256/cert_hash_in_hex
+#	For example: "hash://server/sha256/
+#	5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
+#
 #	On Windows, trusted CA certificates can be loaded from the system
 #	certificate store by setting this to cert_store://<name>, e.g.,
 #	ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".