hostapd/wpa_supplicant - new development release v0.6.5

Jouni Malinen j
Sat Nov 1 08:35:57 PDT 2008

New versions of wpa_supplicant and hostapd were just
released and are now available from

This release is from the development branch (0.6.x). Please note that
the 0.5.x branch continues to be the current source of stable releases.

* added support for SHA-256 as X.509 certificate digest when using the
  internal X.509/TLSv1 implementation
* fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
  identity lengths)
* fixed internal TLSv1 implementation for abbreviated handshake (used
  by EAP-FAST server)
* added support for setting VLAN ID for STAs based on local MAC ACL
  (accept_mac_file) as an alternative for RADIUS server-based
* updated management frame protection to use IEEE 802.11w/D6.0
  (adds a new association ping to protect against unauthenticated
  authenticate or (re)associate request frames dropping association)
* added support for using SHA256-based stronger key derivation for WPA2
  (IEEE 802.11w)
* added new "driver wrapper" for RADIUS-only configuration
  (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
* fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
  is enabled in configuration
* changed EAP-FAST configuration to use separate fields for A-ID and
  A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
  16-octet len binary value for better interoperability with some peer
  implementations; eap_fast_a_id is now configured as a hex string
* driver_nl80211: Updated to match the current Linux mac80211 AP mode
  configuration (wireless-testing.git and Linux kernel releases
  starting from 2.6.29)

* added support for SHA-256 as X.509 certificate digest when using the
  internal X.509/TLSv1 implementation
* updated management frame protection to use IEEE 802.11w/D6.0
* added support for using SHA256-based stronger key derivation for WPA2
  (IEEE 802.11w)
* fixed FT (IEEE 802.11r) authentication after a failed association to
  use correct FTIE
* added support for configuring Phase 2 (inner/tunneled) authentication
  method with wpa_gui-qt4

git-shortlog for 0.6.4 -> 0.6.5:

Andriy Tkachuk (1):
      Fix build with CONFIG_CLIENT_MLME, but without CONFIG_IEEE80211W

Bernard Gray (2):
      wpa_gui-qt4: add svg icon
      wpa_gui-qt4: enhance svg icon

Dan Nicholson (2):
      Restore scan request settings if initial association failed
      Don't post scan results when initial scan is emtpy

Dan Williams (1):
      Add an optional set_mode() driver_ops handler for setting mode before keys

Johannes Berg (3):
      nl80211 driver: correctly set the encrypt bit for eapol frames
      nl80211 hostapd driver: clean up netlink code
      driver_nl80211: Remove set_ssid from nl80211 driver

Jouni Malinen (86):
      IEEE Std 802.11r-2008 has been released, so update references
      nl80211: Fixed set_mode() to actually use adhoc/station nl80211 variables
      nl80211: Fixed re-initialization of removed and re-inserted interface
      Fixed supported rates IE generation for Probe Response frames.
      nl80211: Preliminary code for usermode MLME support
      Updated EAP-TTLSv0 references to use RFC 5281
      Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest
      Added mlme_{add,remove}_sta() for userspace MLME
      Add preliminary IEEE 802.11n support into hostapd
      Add configuration option for enabling optional use of short preamble
      Do not store dynamic HT IEs in configuration structures
      Moved IEEE 802.11n parameter to be per-radio instead of per-BSS
      HT: Removed unused definitions
      Fixed EAP-FAST server PAC-Opaque padding
      Fixed internal TLSv1 server implementation for abbreviated handshake
      Updated the OpenSSL EAP-FAST patch for the current OpenSSL 0.9.9 snapshot
      Switched driver_nl80211 to use the new sta_add2()
      Send HT parameters for new STAs
      Fixed WEXT scan result parser to not crash on invalid IEs (zero len buffer)
      Added support for setting VLAN ID for STAs based on local MAC ACL
      Added a place for example mac80211_hwsim test cases
      Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
      Copy previous BSSID into STA data only after full validation of the request
      IEEE 802.11w: Added association ping
      Moved WMM action category definition into ieee802_11_defs.h
      Cleaned up TX callback request processing
      Added support for using SHA256-based stronger key derivation for WPA2
      MFP + FT: Added support for sending IGTK in FTIE
      FT: Fixed FTIE for authentication after a failed association
      IEEE 802.11w: Use comeback duration to delay association
      Fixed eap_example build to match with EAP-PEAP changes
      Add a new auto-generated file to be ignored
      Split wpa_supplicant_select_bss() into three and remove odd debug message
      Silenced compiler warnings on size_t printf format and shadowed variables
      Validate WEXT event iwe-> before using the event data
      Added OpenSSL 0.9.8i patch for EAP-FAST
      Update the OpenSSL EAP-FAST patch for current snapshot (20080928)
      Fixed build without CONFIG_CLIENT_MLME
      Added set_mode() handler for privsep
      FT: Do not call wpa_ft_prepare_auth_request() if FT is not used
      nl80211: clean up netlink code
      Fixed EAP-TTLS server to verify eap_ttls_phase2_eap_init() return code
      Added a new driver wrapper, "none", for RADIUS server only configuration
      Silenced some of the driver-related messages for driver=none case
      Add pcsc="" to configuration for EAP-SIM and EAP-AKA
      wpa_gui-qt4: Added support for configuring Phase 2 method
      Extended ctrl_iface SET_NETWORK to allow variables to be unset
      wpa_gui-qt4: Unset string variables instead of setting them to ""
      wpa_gui-qt4: Set EAP-FAST provisioning parameters
      Fixed a typo
      wpa_gui-qt4: Fixed phase2 format for EAP-FAST GTC+MSCHAPv2 case
      Save config after blob updates from EAP (if update_config=1)
      Set update_config=1 in the example Windows registry config
      NDIS: Set authMode=WPA2, if needed, when flushing PMKID cache
      Added debug_timestamp option to Windows registry
      Register a quick auth timeout if EAPOL fails to avoid long waits
      Fixed EAP-FAST peer not to add double Result TLV when ACKing PAC
      SoH: Add all the mandatory attributes into SSoH vendor specific attribute
      SoH: Add null termination for empty url in MS-Quarantine-State.
      Updated the comment on MS-Packet-Info mismatch based on [MS-SOH] info
      wpa_gui-qt4: Set EAP-FAST provisioning parameters if inner method is 'any'
      Change the order of Result TLV and PAC TLV to avoid interop issues
      EAP-FAST: Added support for disabling anonymous/authenticated provisioning
      EAP-FAST: Make PAC-Key lifetime values configurable
      Avoid some gcc 4.3 warnings about deprecated string conversions
      Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabled
      EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
      EAP-FAST peer: Fixed not to add PAC Request in PAC Acknowledgement message
      Fix group key rekeying when reauth happens during pending group key update
      Fixed EAPOL skip for PMKSA caching case to remain in authenticated state
      Set TX queue parameters during initialization
      nl80211: Finish dumps properly (ported from iw.git)
      Fixed size_t printf format for 64-bit targets
      Verify fread(), fwrite(), and system() return values
      driver_nl80211: Added basic rate configuration
      driver_nl80211: Added TX queue parameter configuration
      Removed the unused hapd argument to ieee802_11_parse_elems()
      Moved ieee802_11_parse_elems() into common code
      Use the common ieee802_11_parse_elems() implementations for mlme.c
      Use os_snprintf() instead of snprintf()
      Updated VS2005 project files with new and removed C files
      Fixed ctrl_iface BSS command to fetch scan results, if needed
      Added a note about hostapd driver_nl80211 and AP mode in wireless-testing
      Added a comment about VS2008EE and updated WinPcap/OpenSSL versions
      Fixed fwrite error path in eap_fast_write_pac not to free buf
      Preparations for 0.6.5 release

Kel Modderman (9):
      wpa_gui-qt4: desktop entry file
      wpa_gui-qt4: use new svg as application icon
      wpa_gui-qt4: remove qPixmapFromMimeSource from ui files
      wpa_gui-qt4: add system tray support
      wpa_gui-qt4: add status fields to tray message
      wpa_gui-qt4: remove lastWindowClosed() signal handler
      Don't bother showing a status message when returning to the system tray,
      wpa_gui-qt4: clean up closeEvent handler
      wpa_gui-qt4: add support for starting in system tray only

Tomas Winkler (1):
      Add Intel copyright for files with 802.11n Intel changes

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list