changelog

WLAN无线网络管理的最新程序

2006-03-19 - v0.5.2
	* do not try to use USIM APDUs when initializing PC/SC for SIM card
	  access for a network that has not enabled EAP-AKA
	* fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
	  v0.5.1 due to the new support for expanded EAP types)
	* added support for generating EAP Expanded Nak
	* try to fetch scan results once before requesting new scan when
	  starting up in ap_scan=1 mode (this can speed up initial association
	  a lot with, e.g., madwifi-ng driver)
	* added support for receiving EAPOL frames from a Linux bridge
	  interface (-bbr0 on command line)
	* fixed EAPOL re-authentication for sessions that used PMKSA caching
	* changed EAP method registration to use a dynamic list of methods
	  instead of a static list generated at build time
	* fixed PMKSA cache deinitialization not to use freed memory when
	  removing PMKSA entries
	* fixed a memory leak in EAP-TTLS re-authentication
	* reject WPA/WPA2 message 3/4 if it does not include any valid
	  WPA/RSN IE
	* driver_wext: added fallback to use SIOCSIWENCODE for setting auth_alg
	  if the driver does not support SIOCSIWAUTH

2006-01-29 - v0.5.1
	* driver_test: added better support for multiple APs and STAs by using
	  a directory with sockets that include MAC address for each device in
	  the name (driver_param=test_dir=/tmp/test)
	* added support for EAP expanded type (vendor specific EAP methods)
	* added AP_SCAN command into ctrl_iface so that ap_scan configuration
	  option can be changed if needed
	* wpa_cli/wpa_gui: skip non-socket files in control directory when
	  using UNIX domain sockets; this avoids selecting an incorrect
	  interface (e.g., a PID file could be in this directory, even though
	  use of this directory for something else than socket files is not
	  recommended)
	* fixed TLS library deinitialization after RSN pre-authentication not
	  to disable TLS library for normal authentication
	* driver_wext: Remove null-termination from SSID length if the driver
	  used it; some Linux drivers do this and they were causing problems in
	  wpa_supplicant not finding matching configuration block. This change
	  would break a case where the SSID actually ends in '\0', but that is
	  not likely to happen in real use.
	* fixed PMKSA cache processing not to trigger deauthentication if the
	  current PMKSA cache entry is replaced with a valid new entry
	* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
	  EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
	  ap_scan=2)

2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
	* added experimental STAKey handshake implementation for IEEE 802.11e
	  direct link setup (DLS); note: this is disabled by default in both
	  build and runtime configuration (can be enabled with CONFIG_STAKEY=y
	  and stakey=1)
	* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
	  decrypt AT_ENCR_DATA attributes correctly
	* fixed EAP-AKA to allow resynchronization within the same session
	* made code closer to ANSI C89 standard to make it easier to port to
	  other C libraries and compilers
	* started moving operating system or C library specific functions into
	  wrapper functions defined in os.h and implemented in os_*.c to make
	  code more portable
	* wpa_supplicant can now be built with Microsoft Visual C++
	  (e.g., with the freely available Toolkit 2003 version or Visual
	  C++ 2005 Express Edition and Platform SDK); see nmake.mak for an
	  example makefile for nmake
	* added support for using Windows registry for command line parameters
	  (CONFIG_MAIN=main_winsvc) and configuration data
	  (CONFIG_BACKEND=winreg); see win_example.reg for an example registry
	  contents; this version can be run both as a Windows service and as a
	  normal application; 'wpasvc.exe app' to start as applicant,
	  'wpasvc.exe reg <full path to wpasvc.exe>' to register a service,
	  'net start wpasvc' to start the service, 'wpasvc.exe unreg' to
	  unregister a service
	* made it possible to link ndis_events.exe functionality into
	  wpa_supplicant.exe by defining CONFIG_NDIS_EVENTS_INTEGRATED
	* added better support for multiple control interface backends
	  (CONFIG_CTRL_IFACE option); currently, 'unix' and 'udp' are supported
	* fixed PC/SC code to use correct length for GSM AUTH command buffer
	  and to not use pioRecvPci with SCardTransmit() calls; these were not
	  causing visible problems with pcsc-lite, but Windows Winscard.dll
	  refused the previously used parameters; this fixes EAP-SIM and
	  EAP-AKA authentication using SIM/USIM card under Windows
	* added new event loop implementation for Windows using
	  WaitForMultipleObject() instead of select() in order to allow waiting
	  for non-socket objects; this can be selected with
	  CONFIG_ELOOP=eloop_win in .config
	* added support for selecting l2_packet implementation in .config
	  (CONFIG_L2_PACKET; following options are available now: linux, pcap,
	  winpcap, freebsd, none)
	* added new l2_packet implementation for WinPcap
	  (CONFIG_L2_PACKET=winpcap) that uses a separate receive thread to
	  reduce latency in EAPOL receive processing from about 100 ms to about
	  3 ms
	* added support for EAP-FAST key derivation using other ciphers than
	  RC4-128-SHA for authentication and AES128-SHA for provisioning
	* added support for configuring CA certificate as DER file and as a
	  configuration blob
	* fixed private key configuration as configuration blob and added
	  support for using PKCS#12 as a blob
	* tls_gnutls: added support for using PKCS#12 files; added support for
	  session resumption
	* added support for loading trusted CA certificates from Windows
	  certificate store: ca_cert="cert_store://<name>", where <name> is
	  likely CA (Intermediate CA certificates) or ROOT (root certificates)
	* added C version of ndis_events.cpp and made it possible to build this
	  with MinGW so that CONFIG_NDIS_EVENTS_INTEGRATED can be used more
	  easily on cross-compilation builds
	* added wpasvc.exe into Windows binary release; this is an alternative
	  version of wpa_supplicant.exe with configuration backend using
	  Windows registry and with the entry point designed to run as a
	  Windows service
	* integrated ndis_events.exe functionality into wpa_supplicant.exe and
	  wpasvc.exe and removed this additional tool from the Windows binary
	  release since it is not needed anymore
	* load winscard.dll functions dynamically when building with MinGW
	  since MinGW does not yet include winscard library

2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
	* l2_packet_pcap: fixed wired IEEE 802.1X authentication with libpcap
	  and WinPcap to receive frames sent to PAE group address
	* disable EAP state machine when IEEE 802.1X authentication is not used
	  in order to get rid of bogus "EAP failed" messages
	* fixed OpenSSL error reporting to go through all pending errors to
	  avoid confusing reports of old errors being reported at later point
	  during handshake
	* fixed configuration file updating to not write empty variables
	  (e.g., proto or key_mgmt) that the file parser would not accept
	* fixed ADD_NETWORK ctrl_iface command to use the same default values
	  for variables as empty network definitions read from config file
	  would get
	* fixed EAP state machine to not discard EAP-Failure messages in many
	  cases (e.g., during TLS handshake)
	* fixed a infinite loop in private key reading if the configured file
	  cannot be parsed successfully
	* driver_madwifi: added support for madwifi-ng
	* wpa_gui: do not display password/PSK field contents
	* wpa_gui: added CA certificate configuration
	* driver_ndis: fixed scan request in ap_scan=2 mode not to change SSID
	* driver_ndis: include Beacon IEs in AssocInfo in order to notice if
	  the new AP is using different WPA/RSN IE
	* use longer timeout for IEEE 802.11 association to avoid problems with
	  drivers that may take more than five second to associate

2005-10-27 - v0.4.6
	* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
	  RSN IE, but WPA IE would match with wpa_supplicant configuration
	* added support for named configuration blobs in order to avoid having
	  to use file system for external files (e.g., certificates);
	  variables can be set to "blob://<blob name>" instead of file path to
	  use a named blob; supported fields: pac_file, client_cert,
	  private_key
	* fixed RSN pre-authentication (it was broken in the clean up of WPA
	  state machine interface in v0.4.5)
	* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
	  sure the driver configures broadcast decryption correctly
	* added ca_path (and ca_path2) configuration variables that can be used
	  to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
	  system-wide trusted CA list
	* added support for starting wpa_supplicant without a configuration
	  file (-C argument must be used to set ctrl_interface parameter for
	  this case; in addition, -p argument can be used to provide
	  driver_param; these new arguments can also be used with a
	  configuration to override the values from the configuration)
	* added global control interface that can be optionally used for adding
	  and removing network interfaces dynamically (-g command line argument
	  for both wpa_supplicant and wpa_cli) without having to restart
	  wpa_supplicant process
	* wpa_gui:
	  - try to save configuration whenever something is modified
	  - added WEP key configuration
	  - added possibility to edit the current network configuration
	* driver_ndis: fixed driver polling not to increase frequency on each
	  received EAPOL frame due to incorrectly cancelled timeout
	* added simple configuration file examples (in examples subdirectory)
	* fixed driver_wext.c to filter wireless events based on ifindex to
	  avoid interfaces receiving events from other interfaces
	* delay sending initial EAPOL-Start couple of seconds to speed up
	  authentication for the most common case of Authenticator starting
	  EAP authentication immediately after association

2005-09-25 - v0.4.5
	* added a workaround for clearing keys with ndiswrapper to allow
	  roaming from WPA enabled AP to plaintext one
	* added docbook documentation (doc/docbook) that can be used to
	  generate, e.g., man pages
	* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW for
	  PF_PACKET in order to prepare for network devices that do not use
	  Ethernet headers (e.g., network stack with native IEEE 802.11 frames)
	* use receipt of EAPOL-Key frame as a lower layer success indication
	  for EAP state machine to allow recovery from dropped EAP-Success
	  frame
	* cleaned up internal EAPOL frame processing by not including link
	  layer (Ethernet) header during WPA and EAPOL/EAP processing; this
	  header is added only when transmitted the frame; this makes it easier
	  to use wpa_supplicant on link layers that use different header than
	  Ethernet
	* updated EAP-PSK to use draft 9 by default since this can now be
	  tested with hostapd; removed support for draft 3, including
	  server_nai configuration option from network blocks
	* driver_wired: add PAE address to the multicast address list in order
	  to be able to receive EAPOL frames with drivers that do not include
	  these multicast addresses by default
	* driver_wext: add support for WE-19
	* added support for multiple configuration backends (CONFIG_BACKEND
	  option); currently, only 'file' is supported (i.e., the format used
	  in wpa_supplicant.conf)
	* added support for updating configuration ('wpa_cli save_config');
	  this is disabled by default and can be enabled with global
	  update_config=1 variable in wpa_supplicant.conf; this allows wpa_cli
	  and wpa_gui to store the configuration changes in a permanent store
	* added GET_NETWORK ctrl_iface command
	  (e.g., 'wpa_cli get_network 0 ssid')

2005-08-21 - v0.4.4
	* replaced OpenSSL patch for EAP-FAST support
	  (openssl-tls-extensions.patch) with a more generic and correct
	  patch (the new patch is not compatible with the previous one, so the
	  OpenSSL library will need to be patched with the new patch in order
	  to be able to build wpa_supplicant with EAP-FAST support)
	* added support for using Windows certificate store (through CryptoAPI)
	  for client certificate and private key operations (EAP-TLS)
	  (see wpa_supplicant.conf for more information on how to configure
	  this with private_key)
	* ported wpa_gui to Windows
	* added Qt4 version of wpa_gui (wpa_gui-qt4 directory); this can be
	  built with the open source version of the Qt4 for Windows
	* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be used
	  with drivers that do not support WPA
	* ndis_events: fixed Windows 2000 support
	* added support for enabling/disabling networks from the list of all
	  configured networks ('wpa_cli enable_network <network id>' and
	  'wpa_cli disable_network <network id>')
	* added support for adding and removing network from the current
	  configuration ('wpa_cli add_network' and 'wpa_cli remove_network
	  <network id>'); added networks are disabled by default and they can
	  be enabled with enable_network command once the configuration is done
	  for the new network; note: configuration file is not yet updated, so
	  these new networks are lost when wpa_supplicant is restarted
	* added support for setting network configuration parameters through
	  the control interface, for example:
	  wpa_cli set_network 0 ssid "\"my network\""
	* fixed parsing of strings that include both " and # within double
	  quoted area (e.g., "start"#end")
	* added EAP workaround for PEAP session resumption: allow outer,
	  i.e., not tunneled, EAP-Success to terminate session since; this can
	  be disabled with eap_workaround=0
	  (this was allowed for PEAPv1 before, but now it is also allowed for
	  PEAPv0 since at least one RADIUS authentication server seems to be
	  doing this for PEAPv0, too)
	* wpa_gui: added preliminary support for adding new networks to the
	  wpa_supplicant configuration (double click on the scan results to
	  open network configuration)

2005-06-26 - v0.4.3
	* removed interface for external EAPOL/EAP supplicant (e.g.,
	  Xsupplicant), (CONFIG_XSUPPLICANT_IFACE) since it is not required