hostapd/wpa_supplicant - new development release v0.5.6

Jouni Malinen jkmaline at cc.hut.fi
Fri Nov 24 20:44:23 EST 2006


New versions of wpa_supplicant and hostapd were just
released and are now available from http://hostap.epitest.fi/

This release is from the development branch (0.5.x). Please note that
0.4.x branch continues to be the current source of stable releases.

This release is the last development release from 0.5.x branch and
this branch is now entering feature/cleanup freeze during which only bug
fixes are accepted until 0.5.7 is released as the first stable 0.5.x
release. I will create a new branch (hostap_0_5_branch) for 0.5.x
development and CVS trunk will continue as the location for main
development (now, 0.6.x development versions).

This would be a good time for starting to test 0.5.x versions unless
you've already done so. I would expect 0.5.7 to be released within a
month or so and I would like to resolve all major problems from 0.5.x
branch before this. Please report any issues found in 0.5.6 or later
snapshots into Bugzilla database or on this mailing list.


hostapd:
* added support for configuring and controlling multiple BSSes per
  radio interface (bss=<ifname> in hostapd.conf); this is only
  available with Devicescape and test driver interfaces
* fixed PMKSA cache update in the end of successful RSN
  pre-authentication
* added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
  for each STA based on RADIUS Access-Accept attributes); this requires
  VLAN support from the kernel driver/802.11 stack and this is
  currently only available with Devicescape and test driver interfaces
* driver_madwifi: fixed configuration of unencrypted modes (plaintext
  and IEEE 802.1X without WEP)
* removed STAKey handshake since PeerKey handshake has replaced it in
  IEEE 802.11ma and there are no known deployments of STAKey
* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
  draft (draft-ietf-emu-eap-gpsk-01.txt)
* added preliminary implementation of IEEE 802.11w/D1.0 (management
  frame protection)
  (Note: this requires driver support to work properly.)
  (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
* hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
* hlr_auc_gw: added support for reading per-IMSI Milenage keys and
  parameters from a text file to make it possible to implement proper
  GSM/UMTS authentication server for multiple SIM/USIM cards using
  EAP-SIM/EAP-AKA
* fixed session timeout processing with drivers that do not use
  ieee802_11.c (e.g., madwifi)

wpa_supplicant:
* added experimental, integrated TLSv1 client implementation with the
  needed X.509/ASN.1/RSA/bignum processing (this can be enabled by
  setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in
  .config); this can be useful, e.g., if the target system does not
  have a suitable TLS library and a minimal code size is required
  (total size of this internal TLS/crypto code is bit under 50 kB on
  x86 and the crypto code is shared by rest of the supplicant so some
  of it was already required; TLSv1/X.509/ASN.1/RSA added about 25 kB)
* removed STAKey handshake since PeerKey handshake has replaced it in
  IEEE 802.11ma and there are no known deployments of STAKey
* updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
  draft (draft-ietf-emu-eap-gpsk-01.txt)
* added preliminary implementation of IEEE 802.11w/D1.0 (management
  frame protection)
  (Note: this requires driver support to work properly.)
  (Note2: IEEE 802.11w is an unapproved draft and subject to change.)
* fixed Windows named pipes ctrl_iface to not stop listening for
  commands if client program opens a named pipe and closes it
  immediately without sending a command
* fixed USIM PIN status determination for the case that PIN is not
  needed (this allows EAP-AKA to be used with USIM cards that do not
  use PIN)
* added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
  be used with cards that do not support file selection based on
  partial AID
* added support for matching the subjectAltName of the authentication
  server certificate against multiple name components (e.g.,
  altsubject_match="DNS:server.example.com;DNS:server2.example.com")
* fixed EAP-SIM/AKA key derivation for re-authentication case (only
  affects IEEE 802.1X with dynamic WEP keys)
* changed ctrl_iface network configuration 'get' operations to not
  return password/key material; if these fields are requested, "*"
  will be returned if the password/key is set, but the value of the
  parameter is not exposed

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list