📄 changelog
	  branch of madwifi CVS tree
	* added support for EAP-MSCHAPv2 password retries within the same EAP
	  authentication session
	* added support for password changes with EAP-MSCHAPv2 (used when the
	  password has expired)
	* added support for reading additional certificates from PKCS#12 files
	  and adding them to the certificate chain
	* fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
	  were used
	* fixed a possible double free in EAP-TTLS fast-reauthentication when
	  identity or password is entered through control interface
	* display EAP Notification messages to user through control interface
	  with "CTRL-EVENT-EAP-NOTIFICATION" prefix
	* added GUI version of wpa_cli, wpa_gui; this is not built
	  automatically with 'make'; use 'make wpa_gui' to build (this
	  requires Qt development tools)
	* added 'disconnect' command to control interface for setting
	  wpa_supplicant in a state where it will not associate before
	  'reassociate' command has been used
	* added support for selecting a network from the list of all
	  configured networks ('wpa_cli select_network <network id>'; this
	  disables all other networks; to re-enable, 'wpa_cli select_network
	  any')
	* added support for getting scan results through control interface
	* added EAP workaround for PEAPv1 session resumption: allow outer,
	  i.e., not tunneled, EAP-Success to terminate session since; this can
	  be disabled with eap_workaround=0

2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
	* added a new build time option, CONFIG_NO_STDOUT_DEBUG, that can be
	  used to reduce the size of the wpa_supplicant considerably if
	  debugging code is not needed
	* fixed EAPOL-Key validation to drop packets with invalid Key Data
	  Length; such frames could have crashed wpa_supplicant due to buffer
	  overflow
	* added support for wired authentication (IEEE 802.1X on wired
	  Ethernet); driver interface 'wired'
	* obsoleted set_wpa() handler in the driver interface API (it can be
	  replaced by moving enable/disable functionality into
	  init()/deinit()) (calls to set_wpa() are still present for backwards
	  compatibility, but they may be removed in the future)
	* driver_madwifi: fixed association in plaintext mode
	* modified the EAP workaround that accepts EAP-Success with incorrect
	  Identifier to be even less strict about verification in order to
	  interoperate with some authentication servers
	* added support for sending TLS alerts
	* added support for 'any' SSID wildcard; if ssid is not configured or
	  is set to an empty string, any SSID will be accepted for non-WPA AP
	* added support for asking PIN (for SIM) from frontends (e.g.,
	  wpa_cli); if a PIN is needed, but not included in the configuration
	  file, a control interface request is sent and EAP processing is
	  delayed until the PIN is available
	* added support for using external devices (e.g., a smartcard) for
	  private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
	  new wpa_supplicant.conf variables:
	  - global: opensc_engine_path, pkcs11_engine_path, pkcs11_module_path
	  - network: engine, engine_id, key_id
	* added experimental support for EAP-PAX
	* added monitor mode for wpa_cli (-a<path to a program to run>) that
	  allows external commands (e.g., shell scripts) to be run based on
	  wpa_supplicant events, e.g., when authentication has been completed
	  and data connection is ready; other related wpa_cli arguments:
	  -B (run in background), -P (write PID file); wpa_supplicant has a new
	  command line argument (-W) that can be used to make it wait until a
	  control interface command is received in order to avoid missing
	  events
	* added support for opportunistic WPA2 PMKSA key caching (disabled by
	  default, can be enabled with proactive_key_caching=1)
	* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
	  Authenticator rejects PMKSA caching attempt and the driver is not
	  using assoc_info events
	* added -P<pid file> argument for wpa_supplicant to write the current
	  process id into a file

2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
	* added new phase1 option parameter, include_tls_length=1, to force
	  wpa_supplicant to add TLS Message Length field to all TLS messages
	  even if the packet is not fragmented; this may be needed with some
	  authentication servers
	* fixed WPA/RSN IE verification in message 3 of 4-Way Handshake when
	  using drivers that take care of AP selection (e.g., when using
	  ap_scan=2)
	* fixed reprocessing of pending request after ctrl_iface requests for
	  identity/password/otp
	* fixed ctrl_iface requests for identity/password/otp in Phase 2 of
	  EAP-PEAP and EAP-TTLS
	* all drivers using driver_wext: set interface up and select Managed
	  mode when starting wpa_supplicant; set interface down when exiting
	* renamed driver_ipw2100.c to driver_ipw.c since it now supports both
	  ipw2100 and ipw2200; please note that this also changed the
	  configuration variable in .config to CONFIG_DRIVER_IPW

2005-01-24 - v0.3.6
	* fixed a busy loop introduced in v0.3.5 for scan result processing
	  when no matching AP is found

2005-01-23 - v0.3.5
	* added a workaround for an interoperability issue with a Cisco AP
	  when using WPA2-PSK
	* fixed non-WPA IEEE 802.1X to use the same authentication timeout as
	  WPA with IEEE 802.1X (i.e., timeout 10 -> 70 sec to allow
	  retransmission of dropped frames)
	* fixed issues with 64-bit CPUs and SHA1 cleanup in previous version
	  (e.g., segfault when processing EAPOL-Key frames)
	* fixed EAP workaround and fast reauthentication configuration for
	  RSN pre-authentication; previously these were disabled and
	  pre-authentication would fail if the used authentication server
	  requires EAP workarounds
	* added support for blacklisting APs that fail or time out
	  authentication in ap_scan=1 mode so that all APs are tried in cases
	  where the ones with strongest signal level are failing
	  authentication
	* fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
	  authentication attempt
	* allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
	  in the previous authentication (previously, only Phase 1 success was
	  verified)

2005-01-09 - v0.3.4
	* added preliminary support for IBSS (ad-hoc) mode configuration
	  (mode=1 in network block); this included a new key_mgmt mode
	  WPA-NONE, i.e., TKIP or CCMP with a fixed key (based on psk) and no
	  key management; see wpa_supplicant.conf for more details and an
	  example on how to configure this (note: this is currently
	  implemented only for driver_hostapd.c, but the changes should be
	  trivial to add in associate() handler for other drivers, too
	  (assuming the driver supports WPA-None))
	* added preliminary port for native Windows (i.e., no cygwin) using
	  mingw

2005-01-02 - v0.3.3
	* added optional support for GNU Readline and History Libraries for
	  wpa_cli (CONFIG_READLINE)
	* cleaned up EAP state machine <-> method interface and a number of
	  small problems with error case processing not terminating on
	  EAP-Failure but waiting for timeout
	* added a couple of workarounds for interoperability issues with a
	  Cisco AP when using WPA2
	* added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
	  Note: This requires a patch for openssl to add support for TLS
	  extensions and a number of workarounds for operations without
	  certificates. Proof of concept type of experimental patch is
	  included in openssl-tls-extensions.patch.

2004-12-19 - v0.3.2
	* fixed private key loading for cases where passphrase is not set
	* fixed Windows/cygwin L2 packet handler freeing; previous version
	  could cause a segfault when RSN pre-authentication was completed
	* added support for PMKSA caching with drivers that generate RSN IEs
	  (e.g., NDIS); currently, this is only implemented in driver_ndis.c,
	  but similar code can be easily added to driver_ndiswrapper.c once
	  ndiswrapper gets full support for RSN PMKSA caching
	* improved recovery from PMKID mismatches by requesting full EAP
	  authentication in case of failed PMKSA caching attempt
	* driver_ndis: added support for NDIS NdisMIndicateStatus() events
	  (this requires that ndis_events is run while wpa_supplicant is
	  running)
	* driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
	* added support for driver interfaces to replace the interface name
	  based on driver/OS specific mapping, e.g., in case of driver_ndis,
	  this allows the beginning of the adapter description to be used as
	  the interface name
	* added support for CR+LF (Windows-style) line ends in configuration
	  file
	* driver_ndis: enable radio before starting scanning, disable radio
	  when exiting
	* modified association event handler to set portEnabled = FALSE before
	  clearing portValid in order to reset EAP state machine and avoid
	  problems with new authentication getting ignored because of state
	  machines ending up in AUTHENTICATED/SUCCESS state based on old
	  information
	* added support for driver events to add PMKID candidates in order to
	  allow drivers to give priority to most likely roaming candidates
	* driver_hostap: moved PrivacyInvoked configuration to associate()
	  function so that this will not be set for plaintext connections
	* added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that driver
	  interface can distinguish plaintext and IEEE 802.1X (no WPA)
	  authentication
	* fixed static WEP key configuration to use broadcast/default type for
	  all keys (previously, the default TX key was configured as
	  pairwise/unicast key)
	* driver_ndis: added legacy WPA capability detection for non-WPA2
	  drivers
	* added support for setting static WEP keys for IEEE 802.1X without
	  dynamic WEP keying (eapol_flags=0)

2004-12-12 - v0.3.1
	* added support for reading PKCS#12 (PFX) files (as a replacement for
	  PEM/DER) to get certificate and private key (CONFIG_PKCS12)
	* fixed compilation with CONFIG_PCSC=y
	* added new ap_scan mode, ap_scan=2, for drivers that take care of
	  association, but need to be configured with security policy and
	  SSID, e.g., ndiswrapper and NDIS driver; this mode should allow such
	  drivers to work with hidden SSIDs and optimized roaming; when
	  ap_scan=2 is used, only the first network block in the configuration
	  file is used and this configuration should have explicit security
	  policy (i.e., only one option in the lists) for key_mgmt, pairwise,
	  group, proto variables
	* added experimental port of wpa_supplicant for Windows
	  - driver_ndis.c driver interface (NDIS OIDs)
	  - currently, this requires cygwin and WinPcap
	  - small utility, win_if_list, can be used to get interface name
	* control interface can now be removed at build time; add
	  CONFIG_CTRL_IFACE=y to .config to maintain old functionality
	* optional Xsupplicant interface can now be removed at build time;
	  (CONFIG_XSUPPLICANT_IFACE=y in .config to bring it back)
	* added auth_alg to driver interface associate() parameters to make it
	  easier for drivers to configure authentication algorithm as part of
	  the association

2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
	* driver_broadcom: added new driver interface for Broadcom wl.o driver
	  (a generic driver for Broadcom IEEE 802.11a/g cards)
	* wpa_cli: fixed parsing of -p <path> command line argument
	* PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
	  ACK, not tunneled EAP-Success (of which only the first byte was
	  actually sent due to a bug in previous code); this seems to
	  interoperate with most RADIUS servers that implement PEAPv1
	* PEAPv1: added support for terminating PEAP authentication on
	  tunneled EAP-Success message; this can be configured by adding
	  peap_outer_success=0 on phase1 parameters in wpa_supplicant.conf
	  (some RADIUS servers require this whereas others require a tunneled
	  reply)
	* PEAPv1: changed phase1 option peaplabel to default to 0, i.e., to
	  the old label for key derivation; previously, the default was 1,
	  but it looks like most existing PEAPv1 implementations use the old
	  label which is thus a more suitable default option
	* added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
	* fixed parsing of wep_tx_keyidx
	* added support for configuring list of allowed Phase 2 EAP types
	  (for both EAP-PEAP and EAP-TTLS) instead of only one type
	* added support for configuring IEEE 802.11 authentication algorithm
	  (auth_alg; mainly for using Shared Key authentication with static
	  WEP keys)