Lines Matching full:for
1 ChangeLog for hostapd
9 - added support for the hash-to-element mechanism (sae_pwe=1 or
12 - added support for SAE-PK
20 * added support for using OpenSSL 3.0
21 * fixed various issues in experimental support for EAP-TEAP server
24 support cases with very large certificates) for the EAP server
25 * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
29 * dropped support for libnl 1.1
30 * added support for nl80211 control port for EAPOL frame TX/RX
32 compatibility for these groups while the default group 19 remains
34 a workaround for the group 20/21 backwards compatibility
35 * added support for Beacon protection
36 * added support for Extended Key ID for pairwise keys
40 * added support for Transition Disable mechanism to allow the AP to
42 * added support for PASN
43 * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
59 * added support for regulatory WMM limitation (for ETSI)
60 * added support for MACsec Key Agreement using IEEE 802.1X/PSK
61 * added experimental support for EAP-TEAP server (RFC 7170)
62 * added experimental support for EAP-TLS server with TLS v1.3
63 * added support for two server certificates/keys (RSA/ECC)
65 determine with AKM was used for an association
72 - added support for SAE Password Identifier
100 - added support for release number 3
102 * added support for RSN operating channel validation
107 * added FT/RRB workaround for short Ethernet frame padding
108 * fixed KEK2 derivation for FILS+FT
117 for PSK (wps_cred_add_sae=1)
120 in preparation for DPP protocol extension
129 * added support for FILS (IEEE 802.11ai) shared key authentication
130 * added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
132 * added support for DPP (Wi-Fi Device Provisioning Protocol)
134 - added local generation of PMK-R0/PMK-R1 for FT-PSK
140 - added support for wildcard R0KH/R1KH
143 - fixed wpa_psk_file use for FT-PSK
147 - added support for SHA384 based AKM
150 - added support for configuring SAE password separately of the
152 - added option to require MFP for SAE associations
155 for SAE;
159 - added support for Password Identifier
160 * hostapd_cli: added support for command history and completion
161 * added support for requesting beacon report
168 * added support for using wolfSSL cryptographic library
172 - added support for setting Venue URL ANQP-element (venue_url)
173 - added support for advertising Hotspot 2.0 operator icons
174 - added support for Roaming Consortium Selection element
175 - added support for Terms and Conditions
176 - added support for OSEN connection in a shared RSN BSS
177 * added support for using OpenSSL 1.1.1
178 * added EAP-pwd server support for salted passwords
185 * extended channel switch support for VHT bandwidth changes
186 * added support for configuring new ANQP-elements with
191 frame sending for not-associated STAs if max_num_sta limit has been
197 * EAP-pwd: added support for Brainpool Elliptic Curves
200 * fixed FTIE generation for 4-way handshake after FT protocol run
207 - minimal support for PKCS #12
209 * added support for OpenSSL 1.1 API changes
210 - drop support for OpenSSL 0.9.8
211 - drop support for OpenSSL 1.0.0
219 - allow server to provide PSK instead of passphrase for WPA-PSK
221 - update full message for interim accounting updates
228 * VHT: added interoperability workaround for 80+80 and 160 MHz channels
232 - added support for full station state operations
237 * added initial functionality for location related operations
243 - fix TX status processing for Address 3 = wildcard BSSID
267 * disable HT for a station that does not support WMM/QoS
268 * added support for hashed password (NtHash) in EAP-pwd server
270 * added EAP-EKE server support for deriving Session-Id
273 * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
276 * added support for Brainpool Elliptic Curves with SAE
277 * increases maximum value accepted for cwmin/cwmax
278 * added support for CCMP-256 and GCMP-256 as group ciphers with FT
281 (workaround for interoperability issues with iOS 8.4)
282 * added EAP server support for TLS session resumption
283 * fixed key derivation for Suite B 192-bit AKM (this breaks
290 * allow OpenSSL cipher configuration to be set for internal EAP server
295 * add support for Acct-Multi-Session-Id in RADIUS Accounting messages
296 * add support for PMKSA caching with SAE
297 * add support for generating BSS Load element (bss_load_update_period)
300 * add support for learning STA IPv4/IPv6 addresses and configuring
302 * dropped support for the madwifi driver interface
303 * add support for Suite B (128-bit and 192-bit level) key management and
306 * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
310 * add support for EAP Re-Authentication Protocol (ERP)
314 * add support for vendor specific VHT extension to enable 256 QAM rates
322 * allow chanlist to be used to specify a subset of channels for ACS
335 * fixed DFS and channel switch operation for multi-BSS cases
336 * started to use constant time comparison for various password and hash
341 * added support for number of new RADIUS attributes from RFC 7268
346 * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
363 * fixed HT40 co-ex scan for some pri/sec channel switches
366 * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
367 * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
373 * fixed STA validation step for WPS ER commands to prevent a potential
378 * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
380 * added mechanism for removing addresses for MAC ACLs by prefixing an
384 * OSEN network for online signup connection
386 control interface HS20_WNM_NOTIF for testing purposes)
389 control interface WNM_DEAUTH_REQ for testing purposes)
391 * hs20_icon config parameter to configure icon files for OSU
392 * osu_* config parameters for OSU Providers list
404 - fix X.509 validation of PKCS#1 signature to check for extra data
409 - added option for TLS protocol testing of an EAP peer by simulating
411 - MAC ACL support for testing purposes
412 * fixed PTK derivation for CCMP-256 and GCMP-256
417 * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
419 * added support for postponing FT response in case PMK-R1 needs to be
440 * added support for simultaneous authentication of equals (SAE) for
443 - VHT configuration for nl80211
454 * added support for DFS (processing radar detection events, CAC, channel
458 * added option for using per-BSS (vif) configuration files with
463 * added support for sending debug info to Linux tracing (-T on command
467 * added support for using Protected Dual of Public Action frames for
469 * added support for WPS+NFC updates
471 - option to fetch and report alternative carrier records for external
479 * added number of small changes to make it easier for static analyzers
481 * added a workaround for Windows 7 Michael MIC failure reporting and
483 * fixed number of small bugs (see git logs for more details)
487 - additional information for driver-based AP SME
489 - fix KDF for group 21 and zero-padding
490 - added support for fragmentation
492 * avoid excessive Probe Response retries for broadcast Probe Request
494 * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
496 * added wps_rf_bands configuration parameter for overriding RF Bands
497 value for WPS
498 * added support for getting per-device PSK from RADIUS Tunnel-Password
499 * added support for libnl 3.2 and newer
501 * added a workaround for 4-way handshake to update SNonce even after
503 implementations that can change SNonce for each EAP-Key 2/4
504 * added a workaround for EAPOL-Key 4/4 using incorrect type value in
506 * added a WPS workaround for mixed mode AP Settings with Windows 7
510 * added support for WFA Hotspot 2.0
518 * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
520 * EAP-AKA': fixed identity for MK derivation
525 * added support for canceling WPS operations with hostapd_cli wps_cancel
531 - use 5 bit IND for SQN updates
533 * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
535 * added support for Chargeable-User-Identity (RFC 4372)
539 * added support for RADIUS dynamic authorization server (RFC 5176)
540 * added initial support for WNM operations
544 - removed obsoleted WPS_OOB command (including support for deprecated
546 * added FT support for drivers that implement MLME internally
547 * added SA Query support for drivers that implement MLME internally
553 * added support for configuring GCMP cipher for IEEE 802.11ad
554 * added support for 256-bit AES with internal TLS implementation
559 * limit number of active wildcard PINs for WPS Registrar to one to avoid
561 * added a workaround for WPS PBC session overlap detection to avoid
564 * added support for using SQLite for the eap_user database
567 (do not send QoS frames if the STA did not negotiate use of QoS for
572 * Add support for IEEE 802.11v Time Advertisement mechanism with UTC
573 TSF offset. See hostapd.conf for config info.
577 available with drivers that provide TX status events for Deauth/
581 * atheros: Add support for IEEE 802.11w configuration.
582 * bsd: Add support for setting HT values in IFM_MMASK.
591 * Add support for writing debug log to a file using "-f" option. Also
593 * Add bridge handling for WDS STA interfaces. By default they are
598 - Add wds_bridge command for specifying bridge for WDS STA
600 - Add relog command for reopening log file.
603 - Add wps_config ctrl_interface command for configuring AP. This
607 - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
609 * WNM: Add BSS Transition Management Request for ESS Disassoc Imminent.
622 - Add mechanism for indicating non-standard WPS errors.
624 - Add wps_check_pin command for processing PIN from user input.
632 - Allow AP to start in Enrollee mode without AP PIN for probing,
646 * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2)
648 for testing protocol extensibility.
651 - Add support for AuthorizedMACs attribute.
656 * EAP server: Add support for configuring fragment size (see
658 * wlantest: Add a tool wlantest for IEEE802.11 protocol testing.
660 for realtime capturing or from pcap files for offline analysis.
661 * Interworking: Support added for 802.11u. Enable in .config with
662 CONFIG_INTERWORKING. See hostapd.conf for config parameters for
664 * Android: Add build and runtime support for Android hostapd.
665 * Add a new debug message level for excessive information. Use
667 * TLS: Add support for tls_disable_time_checks=1 in client mode.
669 - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
671 - Add domainComponent parser for X.509 names
686 * cleaned up driver wrapper API for multi-BSS operations
698 * hostapd_cli: add support for action script operations (run a script
700 * fix DH padding with internal crypto code (mainly, for WPS)
718 * WPS: add support for dynamically selecting whether to provision the
720 * added support for WDS (4-address frame) mode with per-station virtual
722 driver=nl80211 for now)
735 * added support for external Registrars with WPS (UPnP transport)
736 * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
739 * added support for WPS USBA out-of-band mechanism with USB Flash
747 standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
754 * driver_nl80211: multiple updates to provide support for new Linux
762 * added support for NFC out-of-band mechanism with WPS
763 * added preliminary support for IEEE 802.11r RIC processing
766 * added support for Wi-Fi Protected Setup (WPS)
768 and provision credentials for WPS Enrollees using PIN and PBC
774 wps_pbc are used to configure WPS negotiation; see README-WPS for
777 * added support for generating Country IE based on nl80211 regulatory
781 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
782 * added support for using driver_test over UDP socket
791 * updated OpenSSL code for EAP-FAST to use an updated version of the
801 * fixed EAP-TLS message processing for the last TLS message if it is
804 * fixed listen interval configuration for nl80211 drivers
807 * added support for SHA-256 as X.509 certificate digest when using the
809 * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
811 * fixed internal TLSv1 implementation for abbreviated handshake (used
813 * added support for setting VLAN ID for STAs based on local MAC ACL
814 (accept_mac_file) as an alternative for RADIUS server-based
819 * added support for using SHA256-based stronger key derivation for WPA2
821 * added new "driver wrapper" for RADIUS-only configuration
825 * changed EAP-FAST configuration to use separate fields for A-ID and
827 16-octet len binary value for better interoperability with some peer
836 * added support for EAP Sequences in EAP-FAST Phase 2
837 * added support for EAP-TNC (Trusted Network Connect)
841 * added support for optional cryptobinding with PEAPv0
842 * added fragmentation support for EAP-TNC
843 * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
845 * added support for opportunistic key caching (OKC)
858 * added a workaround for EAP-SIM/AKA peers that include incorrect null
863 * fixed EAP-SIM Start response processing for fast reauthentication
865 * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
871 * added data structure for storing allocated buffers (struct wpabuf);
875 * added support for protecting EAP-AKA/Identity messages with
877 * added support for protected result indication with AT_RESULT_IND for
879 * added support for configuring EAP-TTLS phase 2 non-EAP methods in
880 EAP server configuration; previously all four were enabled for every
887 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
896 * added support for EAP-FAST server method to the integrated EAP
901 pairwise cipher suites to be enabled for WPA and RSN/WPA2
905 not have support for this)
915 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
922 provides bit better triplet data for testing a single client; anyway,
927 * added support for sending EAP-AKA Notifications in error cases
928 * updated to use IEEE 802.11w/D2.0 for management frame protection
930 * RADIUS server: added support for processing duplicate messages
935 * added support for configuring and controlling multiple BSSes per
940 * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
941 for each STA based on RADIUS Access-Accept attributes); this requires
954 * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
955 * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
957 GSM/UMTS authentication server for multiple SIM/USIM cards using
963 * added 'hostapd_cli new_sta <addr>' command for adding a new STA into
968 * added -P<pid file> argument for hostapd to write the current process
970 * added support for RADIUS Authentication Server MIB (RFC 2619)
974 * added PeerKey handshake implementation for IEEE 802.11e
976 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
983 requiring a TLS library for a successful build; these programs can be
989 * added support for EAP-SAKE (no EAP method number allocated yet, so
997 * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
998 program to make it easier to use for implementing real SS7 gateway;
999 eap_sim_db is not anymore used as a file name for GSM authentication
1010 * driver_madwifi: added support for getting station RSN IE from
1020 * driver_test: added better support for multiple APs and STAs by using
1021 a directory with sockets that include MAC address for each device in
1023 * added support for EAP expanded type (vendor specific EAP methods)
1026 * added experimental STAKey handshake implementation for IEEE 802.11e
1030 * added support for EAP methods to use callbacks to external programs
1035 * added support for using EAP-SIM pseudonyms and fast re-authentication
1036 * added support for EAP-AKA in the integrated EAP authenticator
1037 * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
1039 for EAP-Nak negotiation
1040 * added support for storing EAP user password as NtPasswordHash instead
1041 of plaintext password when using MSCHAP or MSCHAPv2 for
1043 tool for hashing password to generate NtPasswordHash
1054 * driver_madwifi: added support for madwifi-ng
1057 * added support for replacing user identity from EAP with RADIUS
1059 for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
1062 * driver_madwifi: fixed EAPOL packet receive for configuration where
1064 * added a configuration file and log analyzer script for logwatch
1072 it easier for the client to select which certificate to use
1073 * added experimental support for EAP-PSK
1074 * added support for WE-19 (hostap, madwifi)
1085 * fixed PMKSA caching for the case where STA (re)associates without
1094 * driver_test: added support for testing hostapd with wpa_supplicant
1101 * driver_madwifi: added support for RADIUS accounting
1102 * driver_madwifi: added preliminary support for compiling against 'BSD'
1106 * added support for reading additional certificates from PKCS#12 files
1111 * added support for more than one Class attribute in RADIUS packets
1112 * added support for verifying certificate revocation list (CRL) when
1113 using integrated EAP authenticator for EAP-TLS; new hostapd.conf
1114 options 'check_crl'; CRL must be included in the ca_cert file for now
1117 * added support for including network information into
1122 * fixed private key loading for cases where passphrase is not set
1123 * added support for sending TLS alerts and aborting authentication
1129 * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr,
1131 to be added to .config to include IPv6 support); for RADIUS server,
1134 * added experimental support for EAP-PAX
1141 * added support for configuring a forced PEAP version based on the
1151 * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt
1158 time for the next retry, the new message needed to wait that long for
1162 * added support for configuring multiple allowed EAP types for Phase 2
1168 * added support for EAP-PEAP in the integrated EAP authenticator
1169 * added support for EAP-GTC in the integrated EAP authenticator
1170 * added support for configuring list of EAP methods for Phase 1 so that
1172 for EAP-TLS and EAP-PEAP
1173 * added support for EAP-TTLS in the integrated EAP authenticator
1174 * added support for EAP-SIM in the integrated EAP authenticator
1175 * added support for using hostapd as a RADIUS authentication server
1183 been used at all for more than year
1185 * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
1188 * added support for integrated EAP-TLS authentication (new hostapd.conf
1192 * added support for reading PKCS#12 (PFX) files (as a replacement for
1196 * added support for Acct-{Input,Output}-Gigawords
1197 * added support for Event-Timestamp (in RADIUS Accounting-Requests)
1198 * added support for RADIUS Authentication Client MIB (RFC2618)
1199 * added support for RADIUS Accounting Client MIB (RFC2620)
1205 * added support for multiple WPA pre-shared keys (e.g., one for each
1207 new hostapd.conf field wpa_psk_file for setting path to a text file
1208 containing PSKs, see hostapd.wpa_psk for an example
1209 * added support for multiple driver interfaces to allow hostapd to be
1212 hostapd.conf, see wired.conf for example configuration)
1214 madwifi.conf for example configuration; Note: include files from
1215 madwifi project is needed for building and a configuration file,
1224 * added hostapd control interface for external programs and an example
1225 CLI, hostapd_cli (like wpa_cli for wpa_supplicant)
1229 * added support for strict GTK rekeying (wpa_strict_rekey in
1232 (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
1239 * fixed RADIUS accounting to generate a new session id for cases where
1242 deauthenticate the station, i.e., skip long wait for inactivity poll
1247 supported, so this cannot yet be used for key distribution; the EAP
1252 * added support for FreeBSD and driver interface for the BSD net80211
1265 * fixed couple of cases where EAPOL state for a station was freed
1266 twice causing a segfault for hostapd
1274 * added support for copying RADIUS Attribute 'Class' from
1295 * added support for Acct-Interim-Interval:
1299 - allow different update intervals for each STA
1309 * added support for Accounting-On and Accounting-Off messages
1314 previously sent after the kernel entry for the STA (and/or IEEE