Add some notes and clarify a few sections:

1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option

contrib/wpa/wpa_supplicant/wpa_supplicant.conf

@@ -1,5 +1,7 @@
 ##### Example wpa_supplicant configuration file ###############################
 #
+# ***** Please check wpa_supplicant.conf(5) for details on these options *****
+#
 # This file describes configuration file format and lists all available option.
 # Please also take a look at simpler configuration examples in 'examples'
 # subdirectory.
@@ -59,19 +61,6 @@
 # DIR=/var/run/wpa_supplicant GROUP=0
 # (group can be either group name or gid)
 #
-# For UDP connections (default on Windows): The value will be ignored. This
-# variable is just used to select that the control interface is to be created.
-# The value can be set to, e.g., udp (ctrl_interface=udp)
-#
-# For Windows Named Pipe: This value can be used to set the security descriptor
-# for controlling access to the control interface. Security descriptor can be
-# set using Security Descriptor String Format (see http://msdn.microsoft.com/
-# library/default.asp?url=/library/en-us/secauthz/security/
-# security_descriptor_string_format.asp). The descriptor string needs to be
-# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
-# DACL (which will reject all connections). See README-Windows.txt for more
-# information about SDDL string format.
-#
 ctrl_interface=/var/run/wpa_supplicant
 
 # IEEE 802.1X/EAPOL version
@@ -102,6 +91,8 @@ eapol_version=1
 #    the driver reports successful association; each network block should have
 #    explicit security policy (i.e., only one option in the lists) for
 #    key_mgmt, pairwise, group, proto variables
+#
+# For use in FreeBSD with the wlan module ap_scan must be set to 1.
 ap_scan=1
 
 # EAP fast re-authentication
@@ -221,7 +212,7 @@ fast_reauth=1
 # scan_ssid:
 #	0 = do not scan this SSID with specific Probe Request frames (default)
 #	1 = scan with SSID-specific Probe Request frames (this can be used to
-#	    find APs that do not accept broadcast SSID or use multiple SSIDs;
+#	    find APs that hide (do not broadcast) SSID or use multiple SSIDs;
 #	    this will add latency to scanning, so enable this only when needed)
 #
 # bssid: BSSID (optional); if set, this network block is used only when
@@ -237,7 +228,7 @@ fast_reauth=1
 # policy, signal strength, etc.
 # Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
 # using this priority to select the order for scanning. Instead, they try the
-# networks in the order that used in the configuration file.
+# networks in the order that they are listed in the configuration file.
 #
 # mode: IEEE 802.11 operation mode
 # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)