shigofumirc

Language: en

Version: 06/27/2010 (fedora - 01/12/10)

Section: 5 (File format)

NAME

shigofumirc - Configuration file for Shigofumi

DESCRIPTION

By default, Shigofumi loads its configuration from .shigofumirc in the user's home directory.

The file is a plain text file with a simple syntax: each setting is stored in option = value format. If the value is a string, it must be delimited by quotation marks. Boolean values can be expressed as "true" or a non-zero integer (1) for affirmation, or as "false" or the integer zero (0) for negation. Simple numeric values are unquoted. A comment starts with a hash sign (#) and continues to the end of the line.

If an option accepts a list of values, the syntax is traditional mathematical set notation: { value1 , value2 }.

OPTIONS

The following options are recognized. Not all of them need to be present. Missing options fall back to their default values.

Account Options

base_url

Base URL of the ISDS server. Be careful when setting this value: it can reveal your password to bad guys running a fake server (if you do not verify the server identity carefully), and different host names are used with different log-in mechanisms. In addition, there are two system instances administered by the Czech government: an official one and a testing one.
E.g. use "https://ws1.czebox.cz/" for the testing instance of ISDS or "https://ws1.mojedatovaschranka.cz/" for the official instance with valid and legal data when logging in without a TLS client certificate. Otherwise, with a client certificate in use, replace the ws1 domain with the ws1c domain, i.e. "https://ws1c.czebox.cz/" for the testing instance or "https://ws1c.mojedatovaschranka.cz/" for the official instance.
Do not forget the leading protocol scheme and the trailing slash. The default value is the official instance locator provided by the libisds library.

password

Password assigned to the given user name. The user must keep it secret. This password is used during HTTP authentication and is passed to the underlying network libraries. Make sure that neither this configuration file nor your swap partition (the network library can be swapped out together with the password when physical memory runs short) gets to bad guys. Encrypt them beforehand. Default value is an empty string.

username

ISDS user log-in name. Identifies a user in ISDS. One person can have multiple identities. Default value is an empty string.

TLS Options

ca_directory

Path to a directory with trusted authority certificates stored in separate files (the files usually must have special names). Default value is provided by the underlying cryptographic library. The exact meaning of this option depends on how the cryptographic library in use interprets it.

ca_file

Path to a file with trusted authority certificates (a concatenated list of PEM-formatted certificates). Default value is provided by the underlying cryptographic library. The exact meaning of this option depends on how the cryptographic library in use interprets it.

crl_file

Path to a file with certificate revocation lists (usually a concatenated list of CRLs in PEM format). Default value is provided by the underlying cryptographic library. The exact meaning of this option depends on how the cryptographic library in use interprets it.

verify_server

Boolean switch deciding whether the server identity should be verified. When using an HTTPS connection to the server, the identity of the server can be verified in the TLS negotiation phase by validating the server certificate against a trusted certificate authority certificate and a certificate revocation list. Default value is true. It is strongly recommended to keep it on.

Network Options

timeout

Non-negative integer setting the network time-out in milliseconds. Use 0 to impose no limit on network operations. Default value is 10,000 ms.

Log Options

log_facilities

List of string values selecting the libisds facilities to log. Valid values are: none, http, soap, isds, file, sec, xml, all. Default set is {"none"}.

log_file

String value selecting the file to which the ISDS log is appended. The log captures the internal debugging protocol of libisds. It does not cover messages produced by shigofumi itself. This feature is designed for debugging underlying libraries and protocols such as ISDS SOAP or cURL's HTTP(S). If undefined, shigofumi logs to standard error output.

log_level

Integer value from the closed interval 0 to 100 setting the log verbosity of libisds. 0 is no logging, 10 is critical messages, 20 errors, 30 warnings, 40 informative messages, 50 debug messages, 100 messages of all severities. Default log level is 20.

Other Options

normalize_mime_type

Boolean switch deciding whether the MIME type of documents retrieved from a message should be normalized to standard values. Default value is true.
ISDS does not check the document MIME type a client supplies. Unfortunately, the official client sends invalid values (usually the file name extension). This option allows Shigofumi to fix the type on the fly. Be aware that the original value stored in ISDS or in a locally saved message remains untouched.

NOTICE ON CRYPTOGRAPHIC LIBRARY

Shigofumi uses libisds, which utilizes the cURL library, which can use three different cryptographic libraries at this time: OpenSSL, GnuTLS and NSS. Each library has a different set of features and different configuration. Thus the exact meaning of some Shigofumi configuration options can shift slightly (e.g. the name of the client certificate and key). Some options cannot be understood at all (e.g. GnuTLS does not support a directory of certificates).

The cryptographic library currently in use can be determined from the output of shigofumi -V.

FILES

~/.shigofumirc

Default location of the configuration file.

EXAMPLE

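 # Testing instance, log-in without TLS client certificate
 base_url = "https://ws1.czebox.cz/"
 # These credentials are invalid
 username = "1s79vd"
 password = "XY123456"
 verify_server = true
 # String values, including paths, are delimited by quotation marks
 ca_file = "/etc/ssl/certs/ca-certificates.crt"
 ca_directory = "/etc/ssl/certs"
 crl_file = "/etc/ssl/crl"
 log_facilities = {"http", "soap"}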
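
The following audit script is an added example, not part of Shigofumi or libisds. It parses the syntax described above and reports the risks this page warns about: an unexpected base_url host, a missing trailing slash, verify_server switched off, and a password stored in a file readable by other users. The function names and the sample configuration are assumptions made for the illustration.

```python
import os, re, stat
from urllib.parse import urlsplit

# Hosts this page names: ws1 = password log-in, ws1c = TLS client certificate.
KNOWN_HOSTS = {"ws1.czebox.cz", "ws1c.czebox.cz",
               "ws1.mojedatovaschranka.cz", "ws1c.mojedatovaschranka.cz"}

def parse_rc(text):
    """Parse 'option = value' lines; '#' outside quotes starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = re.sub(r'^((?:[^"#]|"[^"]*")*)#.*$', r'\1', raw)
        m = re.match(r'^\s*(\w+)\s*=\s*(.*?)\s*$', line)
        if not m:
            continue
        key, val = m.groups()
        if val.startswith("{") and val.endswith("}"):
            opts[key] = re.findall(r'"([^"]*)"', val)      # list of strings
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            opts[key] = val[1:-1]                           # quoted string
        elif val.lower() in ("true", "false"):
            opts[key] = val.lower() == "true"
        else:
            opts[key] = int(val) if val.isdigit() else val
    return opts

def audit(text, mode):
    """Return findings for the risks the man page warns about."""
    o, out = parse_rc(text), []
    if "base_url" in o:
        url = str(o["base_url"])
        parts = urlsplit(url)
        if parts.scheme != "https":
            out.append("base_url: scheme is not https")
        if parts.hostname not in KNOWN_HOSTS:
            out.append("base_url: host %r is not named in shigofumirc(5)" % parts.hostname)
        if not url.endswith("/"):
            out.append("base_url: trailing slash missing")
    if o.get("verify_server", True) in (False, 0):
        out.append("verify_server: off, server certificate is not validated")
    if o.get("password") and mode & 0o077:
        out.append("password: file mode %o lets group/others read it" % mode)
    return out

def audit_file(path=os.path.expanduser("~/.shigofumirc")):
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.fstat(fh.fileno()).st_mode))

# Constructed sample, not a real account.
SAMPLE = 'base_url = "https://www.czebox.cz"  # test\npassword = "XY#123456"\nverify_server = 0\n'

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)))
```

Call audit_file() to check the real ~/.shigofumirc; an empty list means none of these checks fired.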
 

SEE ALSO

shigofumi(1)

AUTHOR

Petr Písař

He wrote Shigofumi and libisds.