WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.
See ddcb970274
Signed-off-by: David Bauer <mail@david-bauer.net>
This removes PKG_VERSION and PKG_RELEASE from most Makefiles, as the
value was never useful for Gluon packages; instead, PKG_VERSION is set
to 1 in gluon.mk.
It also removes two other weird definitions:
- gluon-iptables-clamp-mss-to-pmtu replicating the old PKG_VERSION logic
from gluon-core, but without the fixed PKG_BUILD_DIR to prevent
unnessary rebuilds
- gluon-hoodselector set GLUON_VERSION=3
This switches the used wireless daemons for OWE / SAE to the OpenSSL
flavors. The WolfSSL implementation currently seems to be broken.
THis switch may be reverted at a later point in time when hostapd /
wpa_supplicant implementations for WolfSSL have matured.
Separate wireless-related helper methods from the util module to a
new wireless module. This keeps them separated, as the amount of
wireless helpers increased in the past, justifying a separate module.
This package adds support for SAE on 802.11s mesh connections.
Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.
In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.
If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.
For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.
Fixes#1636
