eap_config.h revision c5ec7f57ead87efa365800228aa0b09a12d9e6c4
18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* 28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP peer configuration data 38d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> 48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * This software may be distributed under the terms of the BSD license. 6c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * See README for more details. 78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#ifndef EAP_CONFIG_H 108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_CONFIG_H 118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eap_peer_config - EAP peer configuration/credentials 148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eap_peer_config { 168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * identity - EAP Identity 188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to set the real user identity or NAI (for 208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-PSK/PAX/SAKE/GPSK). 218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *identity; 238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * identity_len - EAP Identity length 268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t identity_len; 288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * anonymous_identity - Anonymous EAP Identity 318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used for unencrypted use with EAP types that support 338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * different tunnelled identity, e.g., EAP-TTLS, in order to reveal the 348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * real identity (identity field) only to the authentication server. 358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If not set, the identity field will be used for both unencrypted and 378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * protected fields. 388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *anonymous_identity; 408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * anonymous_identity_len - Length of anonymous_identity 438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t anonymous_identity_len; 458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * password - Password string for EAP 488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field can include either the plaintext password (default 508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * option) or a NtPasswordHash (16-byte MD4 hash of the unicode 518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * presentation of the password) if flags field has 528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP_CONFIG_FLAGS_PASSWORD_NTHASH bit set to 1. NtPasswordHash can 538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * only be used with authentication mechanism that use this hash as the 548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * starting point for operation: MSCHAP and MSCHAPv2 (EAP-MSCHAPv2, 558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP). 568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * In addition, this field is used to configure a pre-shared key for 588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-PSK/PAX/SAKE/GPSK. The length of the PSK must be 16 for EAP-PSK 598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and EAP-PAX and 32 for EAP-SAKE. EAP-GPSK can use a variable length 608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * PSK. 618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *password; 638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * password_len - Length of password field 668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t password_len; 688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert - File path to CA certificate file (PEM/DER) 718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This file can have one or more trusted CA certificates. If ca_cert 738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and ca_path are not included, server certificate will not be 748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * verified. This is insecure and a trusted CA certificate should 758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * always be configured when using EAP-TLS/TTLS/PEAP. Full path to the 768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, this can be used to only perform matching of the 838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate (SHA-256 hash of the DER encoded X.509 848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate). In this case, the possible CA certificates in the 858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate chain are ignored and only the server certificate 868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * is verified. This is configured with the following format: 878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * hash:://server/sha256/cert_hash_in_hex 888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * For example: "hash://server/sha256/ 898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a" 908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * On Windows, trusted CA certificates can be loaded from the system 928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store by setting this to cert_store://name, e.g., 938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". 948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Note that when running wpa_supplicant as an application, the user 958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store (My user account) is used, whereas computer store 968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (Computer account) is used when running wpasvc as a service. 978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_cert; 998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_path - Directory path for CA certificate files (PEM) 1028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This path may contain multiple CA certificates in OpenSSL format. 1048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Common use for this is to point to system trusted CA list which is 1058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * often installed into directory like /etc/ssl/certs. If configured, 1068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * these certificates are added to the list of trusted CAs. ca_cert 1078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * may also be included in that case, but it is not required. 1088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_path; 1108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * client_cert - File path to client certificate file (PEM/DER) 1138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used with EAP method that use TLS authentication. 1158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Usually, this is only configured for EAP-TLS, even though this could 1168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in theory be used with EAP-TTLS and EAP-PEAP, too. Full path to the 1178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 1188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 1198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 1228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *client_cert; 1248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key - File path to client private key file (PEM/DER/PFX) 1278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be 1298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * commented out. Both the private key and certificate will be read 1308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * from the PKCS#12 file in this case. Full path to the file should be 1318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * used since working directory may change when wpa_supplicant is run 1328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in the background. 1338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Windows certificate store can be used by leaving client_cert out and 1358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * configuring private_key in one of the following formats: 1368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert://substring_to_match 1388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * hash://certificate_thumbprint_in_hex 1408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" 1428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Note that when running wpa_supplicant as an application, the user 1448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store (My user account) is used, whereas computer store 1458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (Computer account) is used when running wpasvc as a service. 1468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 1498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key; 1518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key_passwd - Password for private key file 1548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 1568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key_passwd; 1588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * dh_file - File path to DH/DSA parameters file (in PEM format) 1618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is an optional configuration file for setting parameters for an 1638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ephemeral DH key exchange. In most cases, the default RSA 1648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * authentication does not use this configuration. However, it is 1658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * possible setup RSA to use ephemeral DH key exchange. In addition, 1668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ciphers with DSA keys always use ephemeral DH keys. This can be used 1678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to achieve forward secrecy. If the file is in DSA parameters format, 1688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * it will be automatically converted into DH params. Full path to the 1698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 1708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 1718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 1748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *dh_file; 1768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * subject_match - Constraint for server certificate subject 1798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This substring is matched against the subject of the authentication 1818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate. If this string is set, the server sertificate is 1828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * only accepted if it contains this string in the subject. The subject 1838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * string is in following format: 1848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com 1868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *subject_match; 1888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altsubject_match - Constraint for server certificate alt. subject 1918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Semicolon separated string of entries to be matched against the 1938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * alternative subject name of the authentication server certificate. 1948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If this string is set, the server sertificate is only accepted if it 1958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * contains one of the entries in an alternative subject name 1968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * extension. 1978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altSubjectName string is in following format: TYPE:VALUE 1998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Example: EMAIL:server@example.com 2018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Example: DNS:server.example.com;DNS:server2.example.com 2028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Following types are supported: EMAIL, DNS, URI 2048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *altsubject_match; 2068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert2 - File path to CA certificate file (PEM/DER) (Phase 2) 2098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This file can have one or more trusted CA certificates. If ca_cert2 2118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and ca_path2 are not included, server certificate will not be 2128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * verified. This is insecure and a trusted CA certificate should 2138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * always be configured. Full path to the file should be used since 2148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * working directory may change when wpa_supplicant is run in the 2158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * background. 2168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like ca_cert, but used for phase 2 (inside 2188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_cert2; 2248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_path2 - Directory path for CA certificate files (PEM) (Phase 2) 2278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This path may contain multiple CA certificates in OpenSSL format. 2298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Common use for this is to point to system trusted CA list which is 2308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * often installed into directory like /etc/ssl/certs. If configured, 2318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * these certificates are added to the list of trusted CAs. ca_cert 2328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * may also be included in that case, but it is not required. 2338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like ca_path, but used for phase 2 (inside 2358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_path2; 2388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * client_cert2 - File path to client certificate file 2418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like client_cert, but used for phase 2 (inside 2438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *client_cert2; 2518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key2 - File path to client private key file 2548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like private_key, but used for phase 2 (inside 2568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key2; 2648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key2_passwd - Password for private key file 2678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like private_key_passwd, but used for phase 2 (inside 2698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key2_passwd; 2728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * dh_file2 - File path to DH/DSA parameters file (in PEM format) 2758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like dh_file, but used for phase 2 (inside 2778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *dh_file2; 2858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * subject_match2 - Constraint for server certificate subject 2888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like subject_match, but used for phase 2 (inside 2908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *subject_match2; 2938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altsubject_match2 - Constraint for server certificate alt. subject 2968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like altsubject_match, but used for phase 2 (inside 2988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *altsubject_match2; 3018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_methods - Allowed EAP methods 3048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (vendor=EAP_VENDOR_IETF,method=EAP_TYPE_NONE) terminated list of 3068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * allowed EAP methods or %NULL if all methods are accepted. 3078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_method_type *eap_methods; 3098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * phase1 - Phase 1 (outer authentication) parameters 3128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * String with field-value pairs, e.g., "peapver=0" or 3148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "peapver=1 peaplabel=1". 3158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peapver' can be used to force which PEAP version (0 or 1) is used. 3178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peaplabel=1' can be used to force new label, "client PEAP 3198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * encryption", to be used during key derivation when PEAPv1 or newer. 3208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Most existing PEAPv1 implementation seem to be using the old label, 3228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "client EAP encryption", and wpa_supplicant is now using that as the 3238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * default value. 3248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Some servers, e.g., Radiator, may require peaplabel=1 configuration 3268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to interoperate with PEAPv1; see eap_testing.txt for more details. 3278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peap_outer_success=0' can be used to terminate PEAP authentication 3298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * on tunneled EAP-Success. This is required with some RADIUS servers 3308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., 3318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode). 3328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * include_tls_length=1 can be used to force wpa_supplicant to include 3348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * TLS Message Length field in all TLS messages even if they are not 3358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragmented. 3368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * sim_min_num_chal=3 can be used to configure EAP-SIM to require three 3388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * challenges (by default, it accepts 2 or 3). 3398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use 3418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * protected result indication. 3428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_provisioning option can be used to enable in-line provisioning 3448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * of EAP-FAST credentials (PAC): 3458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 0 = disabled, 3468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1 = allow unauthenticated provisioning, 3478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2 = allow authenticated provisioning, 3488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3 = allow both unauthenticated and authenticated provisioning 3498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_max_pac_list_len=num option can be used to set the maximum 3518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * number of PAC entries to store in a PAC list (default: 10). 3528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_pac_format=binary option can be used to select binary format 3548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * for storing PAC entries in order to save some space (the default 3558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * text format uses about 2.5 times the size of minimal binary format). 3568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * crypto_binding option can be used to control PEAPv0 cryptobinding 3588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * behavior: 3598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 0 = do not use cryptobinding (default) 3608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1 = use cryptobinding if server supports it 3618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2 = require cryptobinding 3628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-WSC (WPS) uses following options: pin=Device_Password and 3648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * uuid=Device_UUID 3658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *phase1; 3678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * phase2 - Phase2 (inner authentication with TLS tunnel) parameters 3708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or 3728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS. 3738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *phase2; 3758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pcsc - Parameters for PC/SC smartcard interface for USIM and GSM SIM 3788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PC/SC smartcard interface. 3808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Currently, the only configuration is whether this field is %NULL (do 3818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * not use PC/SC) or non-NULL (e.g., "") to enable PC/SC. 3828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used for EAP-SIM and EAP-AKA. 3848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pcsc; 3868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pin - PIN for USIM, GSM SIM, and smartcards 3898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PIN for SIM and smartcards for 3918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a 3928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * smartcard is used for private key operations. 3938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 3958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pin; 3978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine - Enable OpenSSL engine (e.g., for smartcard access) 4008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int engine; 4058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine_id - Engine ID for OpenSSL engine 4088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 4108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine. 4118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *engine_id; 4168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine2 - Enable OpenSSL engine (e.g., for smartcard) (Phase 2) 4198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like engine, but used for phase 2 (inside 4248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 4258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int engine2; 4278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pin2 - PIN for USIM, GSM SIM, and smartcards (Phase 2) 4318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PIN for SIM and smartcards for 4338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a 4348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * smartcard is used for private key operations. 4358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like pin2, but used for phase 2 (inside 4378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 4388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 4408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pin2; 4428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine2_id - Engine ID for OpenSSL engine (Phase 2) 4458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 4478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine. 4488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like engine_id, but used for phase 2 (inside 4538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 4548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *engine2_id; 4568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * key_id - Key ID for OpenSSL engine 4608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *key_id; 4658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert_id - Cert ID for OpenSSL engine 4688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the certificate operations for EAP-TLS are performed 4708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *cert_id; 4738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert_id - CA Cert ID for OpenSSL engine 4768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the CA certificate for EAP-TLS is on a smartcard. 4788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *ca_cert_id; 4808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * key2_id - Key ID for OpenSSL engine (phase2) 4838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *key2_id; 4888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert2_id - Cert ID for OpenSSL engine (phase2) 4918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the certificate operations for EAP-TLS are performed 4938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *cert2_id; 4968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert2_id - CA Cert ID for OpenSSL engine (phase2) 4998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the CA certificate for EAP-TLS is on a smartcard. 5018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *ca_cert2_id; 5038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * otp - One-time-password 5068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when OTP is entered through the control interface. 5098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *otp; 5118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * otp_len - Length of the otp field 5148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t otp_len; 5168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_identity - Whether there is a pending identity request 5198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_identity; 5258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_password - Whether there is a pending password request 5288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_password; 5348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_pin - Whether there is a pending PIN request 5378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_pin; 5438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_new_password - Pending password update request 5468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_new_password; 5528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_passphrase - Pending passphrase request 5558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_passphrase; 5618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_otp - Whether there is a pending OTP request 5648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pending_req_otp; 5708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_otp_len - Length of the pending OTP request 5738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t pending_req_otp_len; 5758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pac_file - File path or blob name for the PAC entries (EAP-FAST) 5788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant will need to be able to create this file and write 5808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * updates to it when PAC is being provisioned or refreshed. Full path 5818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to the file should be used since working directory may change when 5828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 5838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 5848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 5858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pac_file; 5878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * mschapv2_retry - MSCHAPv2 retry in progress 5908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used internally by EAP-MSCHAPv2 and should not be set 5928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * as part of configuration. 5938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int mschapv2_retry; 5958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * new_password - New password for password update 5988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used during MSCHAPv2 password update. This is normally 6008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * requested from the user through the control interface and not set 6018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * from configuration. 6028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *new_password; 6048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * new_password_len - Length of new_password field 6078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t new_password_len; 6098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragment_size - Maximum EAP fragment size in bytes (default 1398) 6128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This value limits the fragment size for EAP methods that support 6148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set 6158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * small enough to make the EAP messages fit in MTU of the network 6168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * interface used for EAPOL. The default value is suitable for most 6178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cases. 6188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int fragment_size; 6208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_CONFIG_FLAGS_PASSWORD_NTHASH BIT(0) 6228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * flags - Network configuration flags (bitfield) 6248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This variable is used for internal flags to describe further details 6268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * for the network parameters. 6278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * bit 0 = password is represented as a 16-byte NtPasswordHash value 6288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * instead of plaintext password 6298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u32 flags; 6318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt}; 6328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 6358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct wpa_config_blob - Named configuration blob 6368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This data structure is used to provide storage for binary objects to store 6388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * abstract information like certificates and private keys inlined with the 6398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * configuration data. 6408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct wpa_config_blob { 6428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * name - Blob name 6448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *name; 6468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * data - Pointer to binary data 6498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *data; 6518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * len - Length of binary data 6548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t len; 6568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * next - Pointer to next blob in the configuration 6598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct wpa_config_blob *next; 6618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt}; 6628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#endif /* EAP_CONFIG_H */ 664