mesh: Write close reason from Mesh Peering Close to debug log

[mech_eap.git] / wpa_supplicant / wpa_supplicant.conf

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 45bf518..1d86a71 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -168,10 +168,13 @@ ap_scan=1
 fast_reauth=1
 
 # OpenSSL Engine support
-# These options can be used to load OpenSSL engines.
+# These options can be used to load OpenSSL engines in special or legacy
+# modes.
 # The two engines that are supported currently are shown below:
 # They are both from the opensc project (http://www.opensc.org/)
-# By default no engines are loaded.
+# By default the PKCS#11 engine is loaded if the client_cert or
+# private_key option appear to be a PKCS#11 URI, and these options
+# should not need to be used explicitly.
 # make the opensc engine available
 #opensc_engine_path=/usr/lib/opensc/engine_opensc.so
 # make the pkcs11 engine available
@@ -440,6 +443,12 @@ fast_reauth=1
 #     matching network block
 #auto_interworking=0
 
+# GAS Address3 field behavior
+# 0 = P2P specification (Address3 = AP BSSID); default
+# 1 = IEEE 802.11 standard compliant (Address3 = Wildcard BSSID when
+#     sent to not-associated AP; if associated, AP BSSID)
+#gas_address3=0
+
 # credential block
 #
 # Each credential used for automatic network selection is configured as a set
@@ -474,6 +483,10 @@ fast_reauth=1
 #      (EAP-TLS). Full path to the file should be used since working
 #      directory may change when wpa_supplicant is run in the background.
 #
+#      Certificates from PKCS#11 tokens can be referenced by a PKCS#11 URI.
+#
+#      For example: private_key="pkcs11:manufacturer=piv_II;id=%01"
+#
 #      Alternatively, a named configuration blob can be used by setting
 #      this to blob://blob_name.
 #
@@ -484,6 +497,9 @@ fast_reauth=1
 #      used since working directory may change when wpa_supplicant is run
 #      in the background.
 #
+#      Keys in PKCS#11 tokens can be referenced by a PKCS#11 URI.
+#      For example: private_key="pkcs11:manufacturer=piv_II;id=%01"
+#
 #      Windows certificate store can be used by leaving client_cert out and
 #      configuring private_key in one of the following formats:
 #
@@ -1175,6 +1191,11 @@ fast_reauth=1
 # Beacon interval (default: 100 TU)
 #beacon_int=100
 
+# WPS in AP mode
+# 0 = WPS enabled and configured (default)
+# 1 = WPS disabled
+#wps_disabled=0
+
 # MAC address policy
 # 0 = use permanent MAC address
 # 1 = use random MAC address for each ESS connection
@@ -1576,22 +1597,10 @@ network={
        group=CCMP TKIP
        identity="user@example.com"
        ca_cert="/etc/cert/ca.pem"
-       client_cert="/etc/cert/user.pem"
-
-       engine=1
-
-       # The engine configured here must be available. Look at
-       # OpenSSL engine support in the global section.
-       # The key available through the engine must be the private key
-       # matching the client certificate configured above.
-
-       # use the opensc engine
-       #engine_id="opensc"
-       #key_id="45"
 
-       # use the pkcs11 engine
-       engine_id="pkcs11"
-       key_id="id_45"
+       # Certificate and/or key identified by PKCS#11 URI (RFC7512)
+       client_cert="pkcs11:manufacturer=piv_II;id=%01"
+       private_key="pkcs11:manufacturer=piv_II;id=%01"
 
        # Optional PIN configuration; this can be left out and PIN will be
        # asked through the control interface