authorCristian Iorga <cristian.iorga@intel.com>2012-07-18 15:36:28 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2012-07-19 17:18:11 +0100
commit4f2da78be65eba3760142144ad7ba6abef8408f4 (patch)
treee608e8333af0306bade03dd7114f62fea93247de /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0
parent90fbd7f6b1c462a179af2fb537a6b401402a798e (diff)
wpa-supplicant: upgrade to 1.0
README file is changed. Some phrases were reformulated, but the semantics are the same. Copyright has been renewed. Both licenses (GPL v2 and BSD) have been added explicitly. wpa_supplicant.c is changed regarding licenses body. Copyright has been renewed. (From OE-Core rev: 3c02800716aafbc12b15b3dbb3bad0dc3b942cc1) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0')
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/99_wpa_supplicant1
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls409
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa-supplicant.sh85
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf690
-rw-r--r--meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf-sane7
5 files changed, 1192 insertions, 0 deletions
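--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/99_wpa_supplicant
@@ -0,0 +1 @@
+d root root 0700 /var/run/wpa_supplicant none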
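--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/defconfig-gnutls
@@ -0,0 +1,409 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Example configuration for various cross-compilation platforms
+
+#### sveasoft (e.g., for Linksys WRT54G) ######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+###############################################################################
+
+#### openwrt (e.g., for Linksys WRT54G) #######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+# -I../WRT54GS/release/src/include
+#LIBS = -lssl
+###############################################################################
+
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for Agere driver
+#CONFIG_DRIVER_HERMES=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+#CFLAGS += -I../../include/wireless
+
+# Driver interface for madwifi driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_MADWIFI=y
+# Set include directory to the madwifi source tree
+#CFLAGS += -I../../madwifi
+
+# Driver interface for ndiswrapper
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_NDISWRAPPER=y
+
+# Driver interface for Atmel driver
+# CONFIG_DRIVER_ATMEL=y
+
+# Driver interface for old Broadcom driver
+# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
+# Linux wireless extensions and does not need (or even work) with the old
+# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
+#CONFIG_DRIVER_BROADCOM=y
+# Example path for wlioctl.h; change to match your configuration
+#CFLAGS += -I/opt/WRT54GS/release/src/include
+
+# Driver interface for Intel ipw2100/2200 driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_IPW=y
+
+# Driver interface for Ralink driver
+#CONFIG_DRIVER_RALINK=y
+
+# Driver interface for generic Linux wireless extensions
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_LIBNL20=y
+CONFIG_DRIVER_NL80211=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for development testing
+#CONFIG_DRIVER_TEST=y
+
+# Include client MLME (management frame processing) for test driver
+# This can be used to test MLME operations in hostapd with the test interface.
+# space.
+#CONFIG_CLIENT_MLME=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: Default OpenSSL package does not include support for all the
+# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
+# to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
+# save about 1 kB in code size when building only WPA-Personal (no EAP support)
+# or 6 kB if building for WPA-Enterprise.
+#CONFIG_NO_WPA2=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operatins system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+# eloop_none = Empty template
+#CONFIG_ELOOP=eloop
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+# This version is an experimental implementation based on IEEE 802.11w/D1.0
+# draft and is subject to change since the standard has not yet been finalized.
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
+# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
+# even though the core GnuTLS library is released under LGPL, this extra
+# library uses GPL and as such, the terms of GPL apply to the combination
+# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
+# apply for distribution of the resulting binary.
+#CONFIG_GNUTLS_EXTRA=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+CONFIG_TLS = gnutls
+#CONFIG_GNUTLS_EXTRA=y
+CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y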
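Review bot: `CONFIG_EAP_MD5=y` (new-file line 132) and `CONFIG_EAP_LEAP=y` (line 169) build in two EAP methods that are weak when used on their own over a wireless link: EAP-MD5 provides neither server authentication nor keying material, and LEAP's MS-CHAP-based exchange is exposed to offline password guessing. Compiling them in does not select them, but it lets any network block do so, so if they are kept for wired 802.1X or legacy interoperability I would record that next to the options, e.g. `# EAP-MD5/LEAP kept for legacy interop only; not recommended for wireless networks`, and otherwise comment both lines out. Separately, the overrides appended at lines 406-409 sit far from the commented-out `#CONFIG_TLS=openssl` and `#CONFIG_CTRL_IFACE_DBUS=y` entries for the same options; a one-line `# OE-Core overrides` comment above them would show that the duplication is intentional.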
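--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa-supplicant.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+
+WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
+WPA_SUP_PNAME="wpa_supplicant"
+WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
+
+VERBOSITY=0
+
+
+if [ -s "$IF_WPA_CONF" ]; then
+ WPA_SUP_CONF="-c $IF_WPA_CONF"
+else
+ exit 0
+fi
+
+if [ ! -x "$WPA_SUP_BIN" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN"
+ fi
+
+ exit 1
+fi
+
+if [ "$MODE" = "start" ] ; then
+ # driver type of interface, defaults to wext when undefined
+ if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then
+ IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE")
+ elif [ -z "$IF_WPA_DRIVER" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\""
+ fi
+
+ IF_WPA_DRIVER="wext"
+ fi
+
+ # if we have passed the criteria, start wpa_supplicant
+ if [ -n "$WPA_SUP_CONF" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER"
+ fi
+
+ start-stop-daemon --start --quiet \
+ --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
+ -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER
+ fi
+
+ # if the interface socket exists, then wpa_supplicant was invoked successfully
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE"
+ fi
+
+ exit 0
+
+ fi
+
+elif [ "$MODE" = "stop" ]; then
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon"
+ fi
+
+ start-stop-daemon --stop --quiet \
+ --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE
+
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+ rm -f $WPA_COMMON_CTRL_IFACE/$IFACE
+ fi
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+ rm -f $WPA_SUP_PIDFILE
+ fi
+ fi
+
+fi
+
+exit 0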
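Review bot: `WPA_COMMON_CTRL_IFACE` is tested at new-file lines 53 and 74 and expanded in `rm -f $WPA_COMMON_CTRL_IFACE/$IFACE` at line 75, but the script never assigns it, so unless the calling environment exports it both paths collapse to `/$IFACE`. The start-side socket check then never matches, and the stop side leaves the stale control socket behind. I would define it next to the other `WPA_SUP_*` variables, matching `ctrl_interface` in the shipped wpa_supplicant.conf: `WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"`. The hook presumably runs as root from the interface up/down machinery, so the two removals should also quote their operands, `rm -f "$WPA_COMMON_CTRL_IFACE/$IFACE"` and `rm -f "$WPA_SUP_PIDFILE"`, to stop an unusual interface name from word-splitting into extra `rm` arguments. The same unquoted expansion affects `$IF_WPA_CONF` inside `WPA_SUP_CONF` at line 13: a configuration path containing whitespace would be split when passed to `start-stop-daemon`.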
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf
new file mode 100644
index 0000000000..68258f5ee2
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf
@@ -0,0 +1,690 @@
1##### Example wpa_supplicant configuration file ###############################
2#
3# This file describes configuration file format and lists all available option.
4# Please also take a look at simpler configuration examples in 'examples'
5# subdirectory.
6#
7# Empty lines and lines starting with # are ignored
8
9# NOTE! This file may contain password information and should probably be made
10# readable only by root user on multiuser systems.
11
12# Note: All file paths in this configuration file should use full (absolute,
13# not relative to working directory) path in order to allow working directory
14# to be changed. This can happen if wpa_supplicant is run in the background.
15
16# Whether to allow wpa_supplicant to update (overwrite) configuration
17#
18# This option can be used to allow wpa_supplicant to overwrite configuration
19# file whenever configuration is changed (e.g., new network block is added with
20# wpa_cli or wpa_gui, or a password is changed). This is required for
21# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
22# Please note that overwriting configuration file will remove the comments from
23# it.
24#update_config=1
25
26# global configuration (shared by all network blocks)
27#
28# Parameters for the control interface. If this is specified, wpa_supplicant
29# will open a control interface that is available for external programs to
30# manage wpa_supplicant. The meaning of this string depends on which control
31# interface mechanism is used. For all cases, the existence of this parameter
32# in configuration is used to determine whether the control interface is
33# enabled.
34#
35# For UNIX domain sockets (default on Linux and BSD): This is a directory that
36# will be created for UNIX domain sockets for listening to requests from
37# external programs (CLI/GUI, etc.) for status information and configuration.
38# The socket file will be named based on the interface name, so multiple
39# wpa_supplicant processes can be run at the same time if more than one
40# interface is used.
41# /var/run/wpa_supplicant is the recommended directory for sockets and by
42# default, wpa_cli will use it when trying to connect with wpa_supplicant.
43#
44# Access control for the control interface can be configured by setting the
45# directory to allow only members of a group to use sockets. This way, it is
46# possible to run wpa_supplicant as root (since it needs to change network
47# configuration and open raw sockets) and still allow GUI/CLI components to be
48# run as non-root users. However, since the control interface can be used to
49# change the network configuration, this access needs to be protected in many
50# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
51# want to allow non-root users to use the control interface, add a new group
52# and change this value to match with that group. Add users that should have
53# control interface access to this group. If this variable is commented out or
54# not included in the configuration file, group will not be changed from the
55# value it got by default when the directory or socket was created.
56#
57# When configuring both the directory and group, use following format:
58# DIR=/var/run/wpa_supplicant GROUP=wheel
59# DIR=/var/run/wpa_supplicant GROUP=0
60# (group can be either group name or gid)
61#
62# For UDP connections (default on Windows): The value will be ignored. This
63# variable is just used to select that the control interface is to be created.
64# The value can be set to, e.g., udp (ctrl_interface=udp)
65#
66# For Windows Named Pipe: This value can be used to set the security descriptor
67# for controlling access to the control interface. Security descriptor can be
68# set using Security Descriptor String Format (see http://msdn.microsoft.com/
69# library/default.asp?url=/library/en-us/secauthz/security/
70# security_descriptor_string_format.asp). The descriptor string needs to be
71# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
72# DACL (which will reject all connections). See README-Windows.txt for more
73# information about SDDL string format.
74#
75ctrl_interface=/var/run/wpa_supplicant
76
77# IEEE 802.1X/EAPOL version
78# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
79# EAPOL version 2. However, there are many APs that do not handle the new
80# version number correctly (they seem to drop the frames completely). In order
81# to make wpa_supplicant interoperate with these APs, the version number is set
82# to 1 by default. This configuration value can be used to set it to the new
83# version (2).
84eapol_version=1
85
86# AP scanning/selection
87# By default, wpa_supplicant requests driver to perform AP scanning and then
88# uses the scan results to select a suitable AP. Another alternative is to
89# allow the driver to take care of AP scanning and selection and use
90# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
91# information from the driver.
92# 1: wpa_supplicant initiates scanning and AP selection
93# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
94# parameters (e.g., WPA IE generation); this mode can also be used with
95# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
96# APs (i.e., external program needs to control association). This mode must
97# also be used when using wired Ethernet drivers.
98# 2: like 0, but associate with APs using security policy and SSID (but not
99# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
100# enable operation with hidden SSIDs and optimized roaming; in this mode,
101# the network blocks in the configuration file are tried one by one until
102# the driver reports successful association; each network block should have
103# explicit security policy (i.e., only one option in the lists) for
104# key_mgmt, pairwise, group, proto variables
105ap_scan=1
106
107# EAP fast re-authentication
108# By default, fast re-authentication is enabled for all EAP methods that
109# support it. This variable can be used to disable fast re-authentication.
110# Normally, there is no need to disable this.
111fast_reauth=1
112
113# OpenSSL Engine support
114# These options can be used to load OpenSSL engines.
115# The two engines that are supported currently are shown below:
116# They are both from the opensc project (http://www.opensc.org/)
117# By default no engines are loaded.
118# make the opensc engine available
119#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
120# make the pkcs11 engine available
121#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
122# configure the path to the pkcs11 module required by the pkcs11 engine
123#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
124
125# Dynamic EAP methods
126# If EAP methods were built dynamically as shared object files, they need to be
127# loaded here before being used in the network blocks. By default, EAP methods
128# are included statically in the build, so these lines are not needed
129#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
130#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
131
132# Driver interface parameters
133# This field can be used to configure arbitrary driver interace parameters. The
134# format is specific to the selected driver interface. This field is not used
135# in most cases.
136#driver_param="field=value"
137
138# Maximum lifetime for PMKSA in seconds; default 43200
139#dot11RSNAConfigPMKLifetime=43200
140# Threshold for reauthentication (percentage of PMK lifetime); default 70
141#dot11RSNAConfigPMKReauthThreshold=70
142# Timeout for security association negotiation in seconds; default 60
143#dot11RSNAConfigSATimeout=60
144
145# network block
146#
147# Each network (usually AP's sharing the same SSID) is configured as a separate
148# block in this configuration file. The network blocks are in preference order
149# (the first match is used).
150#
151# network block fields:
152#
153# disabled:
154# 0 = this network can be used (default)
155# 1 = this network block is disabled (can be enabled through ctrl_iface,
156# e.g., with wpa_cli or wpa_gui)
157#
158# id_str: Network identifier string for external scripts. This value is passed
159# to external action script through wpa_cli as WPA_ID_STR environment
160# variable to make it easier to do network specific configuration.
161#
162# ssid: SSID (mandatory); either as an ASCII string with double quotation or
163# as hex string; network name
164#
165# scan_ssid:
166# 0 = do not scan this SSID with specific Probe Request frames (default)
167# 1 = scan with SSID-specific Probe Request frames (this can be used to
168# find APs that do not accept broadcast SSID or use multiple SSIDs;
169# this will add latency to scanning, so enable this only when needed)
170#
171# bssid: BSSID (optional); if set, this network block is used only when
172# associating with the AP using the configured BSSID
173#
174# priority: priority group (integer)
175# By default, all networks will get same priority group (0). If some of the
176# networks are more desirable, this field can be used to change the order in
177# which wpa_supplicant goes through the networks when selecting a BSS. The
178# priority groups will be iterated in decreasing priority (i.e., the larger the
179# priority value, the sooner the network is matched against the scan results).
180# Within each priority group, networks will be selected based on security
181# policy, signal strength, etc.
182# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
183# using this priority to select the order for scanning. Instead, they try the
184# networks in the order that used in the configuration file.
185#
186# mode: IEEE 802.11 operation mode
187# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
188# 1 = IBSS (ad-hoc, peer-to-peer)
189# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
190# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
191# to be set to 2 for IBSS. WPA-None requires following network block options:
192# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
193# both), and psk must also be set.
194#
195# proto: list of accepted protocols
196# WPA = WPA/IEEE 802.11i/D3.0
197# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
198# If not set, this defaults to: WPA RSN
199#
200# key_mgmt: list of accepted authenticated key management protocols
201# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
202# WPA-EAP = WPA using EAP authentication (this can use an external
203# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
204# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
205# generated WEP keys
206# NONE = WPA is not used; plaintext or static WEP could be used
207# If not set, this defaults to: WPA-PSK WPA-EAP
208#
209# auth_alg: list of allowed IEEE 802.11 authentication algorithms
210# OPEN = Open System authentication (required for WPA/WPA2)
211# SHARED = Shared Key authentication (requires static WEP keys)
212# LEAP = LEAP/Network EAP (only used with LEAP)
213# If not set, automatic selection is used (Open System with LEAP enabled if
214# LEAP is allowed as one of the EAP methods).
215#
216# pairwise: list of accepted pairwise (unicast) ciphers for WPA
217# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
218# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
219# NONE = Use only Group Keys (deprecated, should not be included if APs support
220# pairwise keys)
221# If not set, this defaults to: CCMP TKIP
222#
223# group: list of accepted group (broadcast/multicast) ciphers for WPA
224# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
225# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
226# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
227# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
228# If not set, this defaults to: CCMP TKIP WEP104 WEP40
229#
230# psk: WPA preshared key; 256-bit pre-shared key
231# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
232# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
233# generated using the passphrase and SSID). ASCII passphrase must be between
234# 8 and 63 characters (inclusive).
235# This field is not needed, if WPA-EAP is used.
236# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
237# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
238# startup and reconfiguration time can be optimized by generating the PSK only
239# only when the passphrase or SSID has actually changed.
240#
241# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
242# Dynamic WEP key required for non-WPA mode
243# bit0 (1): require dynamically generated unicast WEP key
244# bit1 (2): require dynamically generated broadcast WEP key
245# (3 = require both keys; default)
246# Note: When using wired authentication, eapol_flags must be set to 0 for the
247# authentication to be completed successfully.
248#
249# proactive_key_caching:
250# Enable/disable opportunistic PMKSA caching for WPA2.
251# 0 = disabled (default)
252# 1 = enabled
253#
254# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
255# hex without quotation, e.g., 0102030405)
256# wep_tx_keyidx: Default WEP key index (TX) (0..3)
257#
258# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
259# allowed. This is only used with RSN/WPA2.
260# 0 = disabled (default)
261# 1 = enabled
262#peerkey=1
263#
264# Following fields are only used with internal EAP implementation.
265# eap: space-separated list of accepted EAP methods
266# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
267# cannot be used with WPA; to be used as a Phase 2 method
268# with EAP-PEAP or EAP-TTLS)
269# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
270# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
271# OTP = EAP-OTP (cannot be used separately with WPA; to be used
272# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
273# GTC = EAP-GTC (cannot be used separately with WPA; to be used
274# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
275# TLS = EAP-TLS (client and server certificate)
276# PEAP = EAP-PEAP (with tunnelled EAP authentication)
277# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
278# authentication)
279# If not set, all compiled in methods are allowed.
280#
281# identity: Identity string for EAP
282# anonymous_identity: Anonymous identity string for EAP (to be used as the
283# unencrypted identity with EAP types that support different tunnelled
284# identity, e.g., EAP-TTLS)
285# password: Password string for EAP
286# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
287# or more trusted CA certificates. If ca_cert and ca_path are not
288# included, server certificate will not be verified. This is insecure and
289# a trusted CA certificate should always be configured when using
290# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
291# change when wpa_supplicant is run in the background.
292# On Windows, trusted CA certificates can be loaded from the system
293# certificate store by setting this to cert_store://<name>, e.g.,
294# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
295# Note that when running wpa_supplicant as an application, the user
296# certificate store (My user account) is used, whereas computer store
297# (Computer account) is used when running wpasvc as a service.
298# ca_path: Directory path for CA certificate files (PEM). This path may
299# contain multiple CA certificates in OpenSSL format. Common use for this
300# is to point to system trusted CA list which is often installed into
301# directory like /etc/ssl/certs. If configured, these certificates are
302# added to the list of trusted CAs. ca_cert may also be included in that
303# case, but it is not required.
304# client_cert: File path to client certificate file (PEM/DER)
305# Full path should be used since working directory may change when
306# wpa_supplicant is run in the background.
307# Alternatively, a named configuration blob can be used by setting this
308# to blob://<blob name>.
309# private_key: File path to client private key file (PEM/DER/PFX)
310# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
311# commented out. Both the private key and certificate will be read from
312# the PKCS#12 file in this case. Full path should be used since working
313# directory may change when wpa_supplicant is run in the background.
314# Windows certificate store can be used by leaving client_cert out and
315# configuring private_key in one of the following formats:
316# cert://substring_to_match
317# hash://certificate_thumbprint_in_hex
318# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
319# Note that when running wpa_supplicant as an application, the user
320# certificate store (My user account) is used, whereas computer store
321# (Computer account) is used when running wpasvc as a service.
322# Alternatively, a named configuration blob can be used by setting this
323# to blob://<blob name>.
324# private_key_passwd: Password for private key file (if left out, this will be
325# asked through control interface)
326# dh_file: File path to DH/DSA parameters file (in PEM format)
327# This is an optional configuration file for setting parameters for an
328# ephemeral DH key exchange. In most cases, the default RSA
329# authentication does not use this configuration. However, it is possible
330# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
331# DSA keys always use ephemeral DH keys. This can be used to achieve
332# forward secrecy. If the file is in DSA parameters format, it will be
333# automatically converted into DH params.
334# subject_match: Substring to be matched against the subject of the
335# authentication server certificate. If this string is set, the server
336# sertificate is only accepted if it contains this string in the subject.
337# The subject string is in following format:
338# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
339# altsubject_match: Semicolon separated string of entries to be matched against
340# the alternative subject name of the authentication server certificate.
341# If this string is set, the server sertificate is only accepted if it
342# contains one of the entries in an alternative subject name extension.
343# altSubjectName string is in following format: TYPE:VALUE
344# Example: EMAIL:server@example.com
345# Example: DNS:server.example.com;DNS:server2.example.com
346# Following types are supported: EMAIL, DNS, URI
347# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
348# (string with field-value pairs, e.g., "peapver=0" or
349# "peapver=1 peaplabel=1")
350# 'peapver' can be used to force which PEAP version (0 or 1) is used.
351# 'peaplabel=1' can be used to force new label, "client PEAP encryption",
352# to be used during key derivation when PEAPv1 or newer. Most existing
353# PEAPv1 implementation seem to be using the old label, "client EAP
354# encryption", and wpa_supplicant is now using that as the default value.
355# Some servers, e.g., Radiator, may require peaplabel=1 configuration to
356# interoperate with PEAPv1; see eap_testing.txt for more details.
357# 'peap_outer_success=0' can be used to terminate PEAP authentication on
358# tunneled EAP-Success. This is required with some RADIUS servers that
359# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
360# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
361# include_tls_length=1 can be used to force wpa_supplicant to include
362# TLS Message Length field in all TLS messages even if they are not
363# fragmented.
364# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
365# challenges (by default, it accepts 2 or 3)
366# phase2: Phase2 (inner authentication with TLS tunnel) parameters
367# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
368# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
369# Following certificate/private key fields are used in inner Phase2
370# authentication when using EAP-TTLS or EAP-PEAP.
371# ca_cert2: File path to CA certificate file. This file can have one or more
372# trusted CA certificates. If ca_cert2 and ca_path2 are not included,
373# server certificate will not be verified. This is insecure and a trusted
374# CA certificate should always be configured.
375# ca_path2: Directory path for CA certificate files (PEM)
376# client_cert2: File path to client certificate file
377# private_key2: File path to client private key file
378# private_key2_passwd: Password for private key file
379# dh_file2: File path to DH/DSA parameters file (in PEM format)
380# subject_match2: Substring to be matched against the subject of the
381# authentication server certificate.
382# altsubject_match2: Substring to be matched against the alternative subject
383# name of the authentication server certificate.
384#
385# fragment_size: Maximum EAP fragment size in bytes (default 1398).
386# This value limits the fragment size for EAP methods that support
387# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
388# small enough to make the EAP messages fit in MTU of the network
389# interface used for EAPOL. The default value is suitable for most
390# cases.
391#
392# EAP-PSK variables:
393# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
394# nai: user NAI
395#
396# EAP-PAX variables:
397# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
398#
399# EAP-SAKE variables:
400# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
401# (this is concatenation of Root-Secret-A and Root-Secret-B)
402# nai: user NAI (PEERID)
403#
404# EAP-GPSK variables:
405# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
406# nai: user NAI (ID_Client)
407#
408# EAP-FAST variables:
409# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
410# to create this file and write updates to it when PAC is being
411# provisioned or refreshed. Full path to the file should be used since
412# working directory may change when wpa_supplicant is run in the
413# background. Alternatively, a named configuration blob can be used by
414# setting this to blob://<blob name>
415# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
416# credentials (PAC)
417#
418# wpa_supplicant supports number of "EAP workarounds" to work around
419# interoperability issues with incorrectly behaving authentication servers.
420# These are enabled by default because some of the issues are present in large
421# number of authentication servers. Strict EAP conformance mode can be
422# configured by disabling workarounds with eap_workaround=0.
423
424# Example blocks:
425
426# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
427network={
428 ssid="simple"
429 psk="very secret passphrase"
430 priority=5
431}
432
433# Same as previous, but request SSID-specific scanning (for APs that reject
434# broadcast SSID)
435network={
436 ssid="second ssid"
437 scan_ssid=1
438 psk="very secret passphrase"
439 priority=2
440}
441
442# Only WPA-PSK is used. Any valid cipher combination is accepted.
443network={
444 ssid="example"
445 proto=WPA
446 key_mgmt=WPA-PSK
447 pairwise=CCMP TKIP
448 group=CCMP TKIP WEP104 WEP40
449 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
450 priority=2
451}
452
453# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
454# or WEP40 as the group cipher will not be accepted.
455network={
456 ssid="example"
457 proto=RSN
458 key_mgmt=WPA-EAP
459 pairwise=CCMP TKIP
460 group=CCMP TKIP
461 eap=TLS
462 identity="user@example.com"
463 ca_cert="/etc/cert/ca.pem"
464 client_cert="/etc/cert/user.pem"
465 private_key="/etc/cert/user.prv"
466 private_key_passwd="password"
467 priority=1
468}
469
470# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
471# (e.g., Radiator)
472network={
473 ssid="example"
474 key_mgmt=WPA-EAP
475 eap=PEAP
476 identity="user@example.com"
477 password="foobar"
478 ca_cert="/etc/cert/ca.pem"
479 phase1="peaplabel=1"
480 phase2="auth=MSCHAPV2"
481 priority=10
482}
483
484# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
485# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
486network={
487 ssid="example"
488 key_mgmt=WPA-EAP
489 eap=TTLS
490 identity="user@example.com"
491 anonymous_identity="anonymous@example.com"
492 password="foobar"
493 ca_cert="/etc/cert/ca.pem"
494 priority=2
495}
496
497# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
498# use. Real identity is sent only within an encrypted TLS tunnel.
499network={
500 ssid="example"
501 key_mgmt=WPA-EAP
502 eap=TTLS
503 identity="user@example.com"
504 anonymous_identity="anonymous@example.com"
505 password="foobar"
506 ca_cert="/etc/cert/ca.pem"
507 phase2="auth=MSCHAPV2"
508}
509
510# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
511# authentication.
512network={
513 ssid="example"
514 key_mgmt=WPA-EAP
515 eap=TTLS
516 # Phase1 / outer authentication
517 anonymous_identity="anonymous@example.com"
518 ca_cert="/etc/cert/ca.pem"
519 # Phase 2 / inner authentication
520 phase2="autheap=TLS"
521 ca_cert2="/etc/cert/ca2.pem"
522 client_cert2="/etc/cer/user.pem"
523 private_key2="/etc/cer/user.prv"
524 private_key2_passwd="password"
525 priority=2
526}
527
528# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
529# group cipher.
530network={
531 ssid="example"
532 bssid=00:11:22:33:44:55
533 proto=WPA RSN
534 key_mgmt=WPA-PSK WPA-EAP
535 pairwise=CCMP
536 group=CCMP
537 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
538}
539
540# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
541# and all valid ciphers.
542network={
543 ssid=00010203
544 psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
545}
546
547
548# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
549# EAP-TLS for authentication and key generation; require both unicast and
550# broadcast WEP keys.
551network={
552 ssid="1x-test"
553 key_mgmt=IEEE8021X
554 eap=TLS
555 identity="user@example.com"
556 ca_cert="/etc/cert/ca.pem"
557 client_cert="/etc/cert/user.pem"
558 private_key="/etc/cert/user.prv"
559 private_key_passwd="password"
560 eapol_flags=3
561}
562
563
564# LEAP with dynamic WEP keys
565network={
566 ssid="leap-example"
567 key_mgmt=IEEE8021X
568 eap=LEAP
569 identity="user"
570 password="foobar"
571}
572
573# Plaintext connection (no WPA, no IEEE 802.1X)
574network={
575 ssid="plaintext-test"
576 key_mgmt=NONE
577}
578
579
580# Shared WEP key connection (no WPA, no IEEE 802.1X)
581network={
582 ssid="static-wep-test"
583 key_mgmt=NONE
584 wep_key0="abcde"
585 wep_key1=0102030405
586 wep_key2="1234567890123"
587 wep_tx_keyidx=0
588 priority=5
589}
590
591
592# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
593# IEEE 802.11 authentication
594network={
595 ssid="static-wep-test2"
596 key_mgmt=NONE
597 wep_key0="abcde"
598 wep_key1=0102030405
599 wep_key2="1234567890123"
600 wep_tx_keyidx=0
601 priority=5
602 auth_alg=SHARED
603}
604
605
606# IBSS/ad-hoc network with WPA-None/TKIP.
607network={
608 ssid="test adhoc"
609 mode=1
610 proto=WPA
611 key_mgmt=WPA-NONE
612 pairwise=NONE
613 group=TKIP
614 psk="secret passphrase"
615}
616
617
618# Catch all example that allows more or less all configuration modes
619network={
620 ssid="example"
621 scan_ssid=1
622 key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
623 pairwise=CCMP TKIP
624 group=CCMP TKIP WEP104 WEP40
625 psk="very secret passphrase"
626 eap=TTLS PEAP TLS
627 identity="user@example.com"
628 password="foobar"
629 ca_cert="/etc/cert/ca.pem"
630 client_cert="/etc/cert/user.pem"
631 private_key="/etc/cert/user.prv"
632 private_key_passwd="password"
633 phase1="peaplabel=0"
634}
635
636# Example of EAP-TLS with smartcard (openssl engine)
637network={
638 ssid="example"
639 key_mgmt=WPA-EAP
640 eap=TLS
641 proto=RSN
642 pairwise=CCMP TKIP
643 group=CCMP TKIP
644 identity="user@example.com"
645 ca_cert="/etc/cert/ca.pem"
646 client_cert="/etc/cert/user.pem"
647
648 engine=1
649
650 # The engine configured here must be available. Look at
651 # OpenSSL engine support in the global section.
652 # The key available through the engine must be the private key
653 # matching the client certificate configured above.
654
655 # use the opensc engine
656 #engine_id="opensc"
657 #key_id="45"
658
659 # use the pkcs11 engine
660 engine_id="pkcs11"
661 key_id="id_45"
662
663 # Optional PIN configuration; this can be left out and PIN will be
664 # asked through the control interface
665 pin="1234"
666}
667
668# Example configuration showing how to use an inlined blob as a CA certificate
669# data instead of using external file
670network={
671 ssid="example"
672 key_mgmt=WPA-EAP
673 eap=TTLS
674 identity="user@example.com"
675 anonymous_identity="anonymous@example.com"
676 password="foobar"
677 ca_cert="blob://exampleblob"
678 priority=20
679}
680
681blob-base64-exampleblob={
682SGVsbG8gV29ybGQhCg==
683}
684
685
686# Wildcard match for SSID (plaintext APs only). This example select any
687# open AP regardless of its SSID.
688network={
689 key_mgmt=NONE
690}
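diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf-sane b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf-sane
new file mode 100644
index 0000000000..c91ffe0c84
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant-1.0/wpa_supplicant.conf-sane
@@ -0,0 +1,7 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+
+network={
+ key_mgmt=NONE
+}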
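Review bot: The `network={ key_mgmt=NONE }` block at lines 5-7 of wpa_supplicant.conf-sane carries no `ssid`, so it is a wildcard that lets the supplicant associate with any unencrypted AP in range; the sample wpa_supplicant.conf added in the same commit describes exactly this form as selecting any open AP regardless of its SSID. For a file that appears to be installed as the default configuration, that behaviour should at least be stated above the block, e.g. `# Wildcard: joins any open (unencrypted) AP; replace with an explicit ssid/psk block on images that must not auto-join unknown networks`. Because `update_config=1` lets control-interface clients rewrite this file, a second one-line comment noting that access is limited by `ctrl_interface_group=0` and the 0700 /var/run/wpa_supplicant directory from 99_wpa_supplicant would help the next maintainer keep those two settings in step.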