# dh_file2: File path to DH/DSA parameters file (in PEM format)# subject_match2: Substring to be matched against the subject of the#	authentication server certificate.# altsubject_match2: Substring to be matched against the alternative subject#	name of the authentication server certificate.## EAP-PSK variables:# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format# nai: user NAI## EAP-FAST variables:# pac_file: File path for the PAC entries. wpa_supplicant will need to be able#	to create this file and write updates to it when PAC is being#	provisioned or refreshed. Full path to the file should be used since#	working directory may change when wpa_supplicant is run in the#	background. Alternatively, a named configuration blob can be used by#	setting this to blob://<blob name># phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST#	credentials (PAC)## wpa_supplicant supports number of "EAP workarounds" to work around# interoperability issues with incorrectly behaving authentication servers.# These are enabled by default because some of the issues are present in large# number of authentication servers. Strict EAP conformance mode can be# configured by disabling workarounds with eap_workaround=0.# Example blocks:# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphersnetwork={	ssid="simple"	psk="very secret passphrase"	priority=5}# Same as previous, but request SSID-specific scanning (for APs that reject# broadcast SSID)network={	ssid="second ssid"	scan_ssid=1	psk="very secret passphrase"	priority=2}# Only WPA-PSK is used. Any valid cipher combination is accepted.network={	ssid="example"	proto=WPA	key_mgmt=WPA-PSK	pairwise=CCMP TKIP	group=CCMP TKIP WEP104 WEP40	psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb	priority=2}# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104# or WEP40 as the group cipher will not be accepted.network={	ssid="example"	proto=RSN	key_mgmt=WPA-EAP	pairwise=CCMP TKIP	group=CCMP TKIP	eap=TLS	identity="user@example.com"	ca_cert="/etc/cert/ca.pem"	client_cert="/etc/cert/user.pem"	private_key="/etc/cert/user.prv"	private_key_passwd="password"	priority=1}# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel# (e.g., Radiator)network={	ssid="example"	key_mgmt=WPA-EAP	eap=PEAP	identity="user@example.com"	password="foobar"	ca_cert="/etc/cert/ca.pem"	phase1="peaplabel=1"	phase2="auth=MSCHAPV2"	priority=10}# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.network={	ssid="example"	key_mgmt=WPA-EAP	eap=TTLS	identity="user@example.com"	anonymous_identity="anonymous@example.com"	password="foobar"	ca_cert="/etc/cert/ca.pem"	priority=2}# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted# use. Real identity is sent only within an encrypted TLS tunnel.network={	ssid="example"	key_mgmt=WPA-EAP	eap=TTLS	identity="user@example.com"	anonymous_identity="anonymous@example.com"	password="foobar"	ca_cert="/etc/cert/ca.pem"	phase2="auth=MSCHAPV2"}# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner# authentication.network={	ssid="example"	key_mgmt=WPA-EAP	eap=TTLS	# Phase1 / outer authentication	anonymous_identity="anonymous@example.com"	ca_cert="/etc/cert/ca.pem"	# Phase 2 / inner authentication	phase2="autheap=TLS"	ca_cert2="/etc/cert/ca2.pem"	client_cert2="/etc/cer/user.pem"	private_key2="/etc/cer/user.prv"	private_key2_passwd="password"	priority=2}# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and# group cipher.network={	ssid="example"	bssid=00:11:22:33:44:55	proto=WPA RSN	key_mgmt=WPA-PSK WPA-EAP	pairwise=CCMP	group=CCMP	psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb}# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP# and all valid ciphers.network={	ssid=00010203	psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f}# EAP-SIM with a GSM SIM or USIMnetwork={	ssid="eap-sim-test"	key_mgmt=WPA-EAP	eap=SIM	pin="1234"	pcsc=""}# EAP-PSKnetwork={	ssid="eap-psk-test"	key_mgmt=WPA-EAP	eap=PSK	identity="eap_psk_user"	eappsk=06b4be19da289f475aa46a33cb793029	nai="eap_psk_user@example.com"}# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using# EAP-TLS for authentication and key generation; require both unicast and# broadcast WEP keys.network={	ssid="1x-test"	key_mgmt=IEEE8021X	eap=TLS	identity="user@example.com"	ca_cert="/etc/cert/ca.pem"	client_cert="/etc/cert/user.pem"	private_key="/etc/cert/user.prv"	private_key_passwd="password"	eapol_flags=3}# LEAP with dynamic WEP keysnetwork={	ssid="leap-example"	key_mgmt=IEEE8021X	eap=LEAP	identity="user"	password="foobar"}# EAP-FAST with WPA (WPA or WPA2)network={	ssid="eap-fast-test"	key_mgmt=WPA-EAP	eap=FAST	anonymous_identity="FAST-000102030405"	identity="username"	password="password"	phase1="fast_provisioning=1"	pac_file="/etc/wpa_supplicant.eap-fast-pac"}network={	ssid="eap-fast-test"	key_mgmt=WPA-EAP	eap=FAST	anonymous_identity="FAST-000102030405"	identity="username"	password="password"	phase1="fast_provisioning=1"	pac_file="blob://eap-fast-pac"}# Plaintext connection (no WPA, no IEEE 802.1X)network={	ssid="plaintext-test"	key_mgmt=NONE}# Shared WEP key connection (no WPA, no IEEE 802.1X)network={	ssid="static-wep-test"	key_mgmt=NONE	wep_key0="abcde"	wep_key1=0102030405	wep_key2="1234567890123"	wep_tx_keyidx=0	priority=5}# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key# IEEE 802.11 authenticationnetwork={	ssid="static-wep-test2"	key_mgmt=NONE	wep_key0="abcde"	wep_key1=0102030405	wep_key2="1234567890123"	wep_tx_keyidx=0	priority=5	auth_alg=SHARED}# IBSS/ad-hoc network with WPA-None/TKIP.network={	ssid="test adhoc"	mode=1	proto=WPA	key_mgmt=WPA-NONE	pairwise=NONE	group=TKIP	psk="secret passphrase"}# Catch all example that allows more or less all configuration modesnetwork={	ssid="example"	scan_ssid=1	key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE	pairwise=CCMP TKIP	group=CCMP TKIP WEP104 WEP40	psk="very secret passphrase"	eap=TTLS PEAP TLS	identity="user@example.com"	password="foobar"	ca_cert="/etc/cert/ca.pem"	client_cert="/etc/cert/user.pem"	private_key="/etc/cert/user.prv"	private_key_passwd="password"	phase1="peaplabel=0"}# Example of EAP-TLS with smartcard (openssl engine)network={	ssid="example"	key_mgmt=WPA-EAP	eap=TLS	proto=RSN	pairwise=CCMP TKIP	group=CCMP TKIP	identity="user@example.com"	ca_cert="/etc/cert/ca.pem"	client_cert="/etc/cert/user.pem"	engine=1	# The engine configured here must be available. Look at	# OpenSSL engine support in the global section.	# The key available through the engine must be the private key	# matching the client certificate configured above.	# use the opensc engine	#engine_id="opensc"	#key_id="45"	# use the pkcs11 engine	engine_id="pkcs11"	key_id="id_45"	# Optional PIN configuration; this can be left out and PIN will be	# asked through the control interface	pin="1234"}# Example configuration showing how to use an inlined blob as a CA certificate# data instead of using external filenetwork={	ssid="example"	key_mgmt=WPA-EAP	eap=TTLS	identity="user@example.com"	anonymous_identity="anonymous@example.com"	password="foobar"	ca_cert="blob://exampleblob"	priority=20}blob-base64-exampleblob={SGVsbG8gV29ybGQhCg==}