$OpenBSD: patch-wpa_supplicant_defconfig,v 1.2 2019/12/28 18:58:36 sthen Exp $

Index: wpa_supplicant/.config
--- wpa_supplicant/.config.orig
+++ wpa_supplicant/.config
@@ -12,8 +12,8 @@
 
 # Uncomment following two lines and fix the paths if you have installed OpenSSL
 # or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
+CFLAGS += -I${LOCALBASE}/include/PCSC
+LIBS += -L${LOCALBASE}/lib
 
 # Some Red Hat versions seem to include kerberos header files from OpenSSL, but
 # the kerberos files are not in the default include path. Following line can be
@@ -26,10 +26,10 @@
 # replacement for WEXT and its use allows wpa_supplicant to properly control
 # the driver to improve existing functionality like roaming and to support new
 # functionality.
-CONFIG_DRIVER_WEXT=y
+#CONFIG_DRIVER_WEXT=y
 
 # Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
+#CONFIG_DRIVER_NL80211=y
 
 # QCA vendor extensions to nl80211
 #CONFIG_DRIVER_NL80211_QCA=y
@@ -54,6 +54,8 @@ CONFIG_LIBNL32=y
 #LIBS_p += -L/usr/local/lib
 #LIBS_c += -L/usr/local/lib
 
+CONFIG_DRIVER_OPENBSD=y
+
 # Driver interface for Windows NDIS
 #CONFIG_DRIVER_NDIS=y
 #CFLAGS += -I/usr/include/w32api/ddk
@@ -128,7 +130,7 @@ CONFIG_EAP_GTC=y
 CONFIG_EAP_OTP=y
 
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
+CONFIG_EAP_SIM=y
 
 # Enable SIM simulator (Milenage) for EAP-SIM
 #CONFIG_SIM_SIMULATOR=y
@@ -146,7 +148,7 @@ CONFIG_EAP_PAX=y
 CONFIG_EAP_LEAP=y
 
 # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA=y
 
 # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
 # This requires CONFIG_EAP_AKA to be enabled, too.
@@ -164,10 +166,10 @@ CONFIG_EAP_GPSK=y
 CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-TNC and related Trusted Network Connect support (experimental)
-CONFIG_EAP_TNC=y
+#CONFIG_EAP_TNC=y
 
 # Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
+#CONFIG_WPS=y
 # Enable WPS external registrar functionality
 #CONFIG_WPS_ER=y
 # Disable credentials for an open network by default when acting as a WPS
@@ -195,7 +197,7 @@ CONFIG_SMARTCARD=y
 
 # PC/SC interface for smartcards (USIM, GSM SIM)
 # Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
+CONFIG_PCSC=y
 
 # Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
 #CONFIG_HT_OVERRIDES=y
@@ -204,7 +206,7 @@ CONFIG_SMARTCARD=y
 #CONFIG_VHT_OVERRIDES=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
@@ -246,7 +248,7 @@ CONFIG_CTRL_IFACE=y
 #CONFIG_NO_WPA_PASSPHRASE=y
 
 # Simultaneous Authentication of Equals (SAE), WPA3-Personal
-CONFIG_SAE=y
+#CONFIG_SAE=y
 
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
@@ -312,7 +314,7 @@ CONFIG_BACKEND=file
 
 # IEEE 802.11w (management frame protection), also known as PMF
 # Driver support is also needed for IEEE 802.11w.
-CONFIG_IEEE80211W=y
+#CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
 #CONFIG_OCV=y
@@ -330,14 +332,14 @@ CONFIG_IEEE80211W=y
 # are used. It should be noted that some existing TLS v1.0 -based
 # implementation may not be compatible with TLS v1.1 message (ClientHello is
 # sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
+CONFIG_TLSV11=y
 
 # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
 # can be enabled to enable use of stronger crypto algorithms. It should be
 # noted that some existing TLS v1.0 -based implementation may not be compatible
 # with TLS v1.2 message (ClientHello is sent prior to negotiating which version
 # will be used)
-#CONFIG_TLSV12=y
+CONFIG_TLSV12=y
 
 # Select which ciphers to use by default with OpenSSL if the user does not
 # specify them.
@@ -367,10 +369,10 @@ CONFIG_IEEE80211W=y
 
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
-CONFIG_CTRL_IFACE_DBUS_NEW=y
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
 
 # Add introspection support for new DBus control interface
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
 
 # Add support for loading EAP methods dynamically as shared libraries.
 # When this option is enabled, each EAP method can be either included
@@ -394,7 +396,7 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-CONFIG_IEEE80211R=y
+#CONFIG_IEEE80211R=y
 
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 CONFIG_DEBUG_FILE=y
@@ -468,7 +470,7 @@ CONFIG_DEBUG_SYSLOG=y
 # disabled. This will save some in binary size and CPU use. However, this
 # should only be considered for builds that are known to be used on devices
 # that meet the requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
+CONFIG_NO_RANDOM_POOL=y
 
 # Should we attempt to use the getrandom(2) call that provides more reliable
 # yet secure randomness source than /dev/random on Linux 3.17 and newer.
@@ -476,11 +478,11 @@ CONFIG_DEBUG_SYSLOG=y
 #CONFIG_GETRANDOM=y
 
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
-CONFIG_IEEE80211N=y
+#CONFIG_IEEE80211N=y
 
 # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
 # (depends on CONFIG_IEEE80211N)
-CONFIG_IEEE80211AC=y
+#CONFIG_IEEE80211AC=y
 
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
@@ -490,10 +492,10 @@ CONFIG_IEEE80211AC=y
 # This can be used to enable functionality to improve interworking with
 # external networks (GAS/ANQP to learn more about the networks and network
 # selection based on available credentials).
-CONFIG_INTERWORKING=y
+#CONFIG_INTERWORKING=y
 
 # Hotspot 2.0
-CONFIG_HS20=y
+#CONFIG_HS20=y
 
 # Enable interface matching in wpa_supplicant
 #CONFIG_MATCH_IFACE=y
@@ -506,12 +508,12 @@ CONFIG_HS20=y
 # should be noted that this is mainly aimed at simple cases like
 # WPA2-Personal while more complex configurations like WPA2-Enterprise with an
 # external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
+#CONFIG_AP=y
 
 # P2P (Wi-Fi Direct)
 # This can be used to enable P2P support in wpa_supplicant. See README-P2P for
 # more information on P2P operations.
-CONFIG_P2P=y
+#CONFIG_P2P=y
 
 # Enable TDLS support
 #CONFIG_TDLS=y
@@ -519,7 +521,7 @@ CONFIG_P2P=y
 # Wi-Fi Display
 # This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
-CONFIG_WIFI_DISPLAY=y
+#CONFIG_WIFI_DISPLAY=y
 
 # Autoscan
 # This can be used to enable automatic scan support in wpa_supplicant.
@@ -585,7 +587,7 @@ CONFIG_WIFI_DISPLAY=y
 # Support RSN on IBSS networks
 # This is needed to be able to use mode=1 network profile with proto=RSN and
 # key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-CONFIG_IBSS_RSN=y
+#CONFIG_IBSS_RSN=y
 
 # External PMKSA cache control
 # This can be used to enable control interface commands that allow the current
@@ -600,7 +602,7 @@ CONFIG_IBSS_RSN=y
 # operations for roaming within an ESS (same SSID). See the bgscan parameter in
 # the wpa_supplicant.conf file for more details.
 # Periodic background scans based on signal strength
-CONFIG_BGSCAN_SIMPLE=y
+#CONFIG_BGSCAN_SIMPLE=y
 # Learn channels used by the network and try to avoid bgscans on other
 # channels (experimental)
 #CONFIG_BGSCAN_LEARN=y
@@ -612,4 +614,4 @@ CONFIG_BGSCAN_SIMPLE=y
 # Device Provisioning Protocol (DPP)
 # This requires CONFIG_IEEE80211W=y to be enabled, too. (see
 # wpa_supplicant/README-DPP for details)
-CONFIG_DPP=y
+#CONFIG_DPP=y
