EAP server: Use struct eap_config to avoid duplicated definitions

[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.conf

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 9a472a5ba30aee0b0c86c52ed83fef4e10264b13..1159bdcdc59bb2fcab6beed4278731a0453681a2 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -318,6 +318,15 @@ fast_reauth=1
 # of APs when using ap_scan=1 mode.
 #bss_max_count=200
 
+# BSS expiration age in seconds. A BSS will be removed from the local cache
+# if it is not in use and has not been seen for this time. Default is 180.
+#bss_expiration_age=180
+
+# BSS expiration after number of scans. A BSS will be removed from the local
+# cache if it is not seen in this number of scans.
+# Default is 2.
+#bss_expiration_scan_count=2
+
 # Automatic scan
 # This is an optional set of parameters for automatic scanning
 # within an interface in following format:
@@ -1049,6 +1058,14 @@ fast_reauth=1
 # 0 = disabled (default unless changed with the global okc parameter)
 # 1 = enabled
 #
+# ft_eap_pmksa_caching:
+# Whether FT-EAP PMKSA caching is allowed
+# 0 = do not try to use PMKSA caching with FT-EAP (default)
+# 1 = try to use PMKSA caching with FT-EAP
+# This controls whether to try to use PMKSA caching with FT-EAP for the
+# FT initial mobility domain association.
+#ft_eap_pmksa_caching=0
+#
 # wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
 # hex without quotation, e.g., 0102030405)
 # wep_tx_keyidx: Default WEP key index (TX) (0..3)
@@ -1180,6 +1197,12 @@ fast_reauth=1
 #      certificate may include additional sub-level labels in addition to the
 #      required labels.
 #
+#      More than one match string can be provided by using semicolons to
+#      separate the strings (e.g., example.org;example.com). When multiple
+#      strings are specified, a match with any one of the values is considered
+#      a sufficient match for the certificate, i.e., the conditions are ORed
+#      together.
+#
 #      For example, domain_suffix_match=example.com would match
 #      test.example.com but would not match test-example.com.
 # domain_match: Constraint for server domain name
@@ -1192,6 +1215,12 @@ fast_reauth=1
 #      no subdomains or wildcard matches are allowed. Case-insensitive
 #      comparison is used, so "Example.com" matches "example.com", but would
 #      not match "test.Example.com".
+#
+#      More than one match string can be provided by using semicolons to
+#      separate the strings (e.g., example.org;example.com). When multiple
+#      strings are specified, a match with any one of the values is considered
+#      a sufficient match for the certificate, i.e., the conditions are ORed
+#      together.
 # phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
 #      (string with field-value pairs, e.g., "peapver=0" or
 #      "peapver=1 peaplabel=1")
@@ -1487,6 +1516,12 @@ fast_reauth=1
 # Transitioning between states).
 #fst_llt=100
 
+# BSS Transition Management
+# disable_btm - Disable BSS transition management in STA
+# Set to 0 to enable BSS transition management (default behavior)
+# Set to 1 to disable BSS transition management
+#disable_btm=0
+
 # Example blocks:
 
 # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers