SHIGOFUMIRC(5) Manual for Shigofumi SHIGOFUMIRC(5)

shigofumirc - Configuration file for Shigofumi

By default, the configuration for shigofumi is loaded from .shigofumirc in
the user's home directory.

The file is a plain text file with a simple syntax: each setting is stored
in option = value format. If the value is a string, it must be delimited by
quotation marks. Boolean values can be expressed as "true" or a non-zero
integer (1) for affirmation, or "false" or a zero integer (0) for negation.
Simple numeric values are unquoted. A comment starts with a hash sign (#)
and continues to the end of the line.

If an option accepts a list of values, the syntax is traditional
mathematical set notation: { value1 , value2 }.

The following options are recognized. Not all of them must be present.
Missing options fall back to their default values.

Account Options
    base_url
        Base URL of the ISDS server. Be careful when setting this value: it
        can reveal your password to bad guys running a fake server (if you
        do not verify the server identity precisely), and different host
        names are used with different log-in mechanisms. In addition, there
        are two system instances administered by the Czech government: the
        official one and the testing one.

        E.g. use "https://ws1.czebox.cz/" for the testing instance of ISDS
        or "https://ws1.mojedatovaschranka.cz/" for the official instance
        with valid and legal data when logging in without a TLS client
        certificate. Otherwise, with a client certificate in use, replace
        the ws1 domain with the ws1c domain, i.e. "https://ws1c.czebox.cz/"
        for the testing instance or "https://ws1c.mojedatovaschranka.cz/"
        for the official instance.

        Do not forget the leading protocol scheme and the trailing slash.
        The default value is the official instance locator provided by the
        libisds library.

    password
        Password assigned to the given user name. The user must keep it
        secret. This password is used during HTTP authentication and is
        passed to the underlying network libraries. Make sure that neither
        this configuration file nor your swap partition (the network
        library, together with the password, can be swapped out when
        physical memory runs short) gets to bad guys. Encrypt them
        beforehand. Default value is an empty string.

    username
        ISDS user log-in name. Identifies a user in ISDS. One person can
        have more than one identity. Default value is an empty string.

TLS Options
    ca_directory
        Path to a directory with trusted authority certificates stored in
        separate files (the files usually must have special names). The
        default value is provided by the underlying cryptographic library.
        The exact meaning of this option depends on how the cryptographic
        library in use interprets it.

    ca_file
        Path to a file with trusted authority certificates (a concatenated
        list of PEM-formatted certificates). The default value is provided
        by the underlying cryptographic library. The exact meaning of this
        option depends on how the cryptographic library in use interprets
        it.

    crl_file
        Path to a file with certificate revocation lists (usually a
        concatenated list of CRLs in PEM format). The default value is
        provided by the underlying cryptographic library. The exact meaning
        of this option depends on how the cryptographic library in use
        interprets it.

    verify_server
        Boolean switch deciding whether the server identity should be
        verified. When using an HTTPS connection to the server, the identity
        of the server can be verified in the TLS negotiation phase by
        validating the server certificate against the trusted certificate
        authority certificate and the certificate revocation list. Default
        value is true. It's strongly recommended to keep it on.

Network Options
    timeout
        Non-negative integer setting the network time-out in milliseconds.
        Use 0 to place no limit on network operations. Default value is
        10,000 ms.

Log Options
    log_facilities
        List of string values selecting the libisds facilities to log.
        Valid values are: none, http, soap, isds, file, sec, xml, all.
        Default set is {"none"}.

    log_file
        String value selecting the file to which the ISDS log is appended.
        The log captures the libisds internal debugging protocol. It does
        not cover messages produced by shigofumi itself. This feature is
        designed to debug underlying libraries and protocols like ISDS SOAP
        or cURL's HTTP(S). If undefined, shigofumi logs to standard error
        output.

    log_level
        Integer value setting the log verbosity of libisds, from the
        interval <0;100>. 0 is no logging, 10 is critical messages, 20
        errors, 30 warnings, 40 informative messages, 50 debug messages,
        100 messages of all severities. Default log level is 20.

Other Options
    normalize_mime_type
        Boolean switch deciding whether the MIME type of documents
        retrieved from a message should be normalized to standard values.
        Default value is true.

        ISDS does not check the document MIME type a client supplies.
        Unfortunately, the official client sends invalid values (usually
        the file name extension). This option allows Shigofumi to fix the
        type on the fly. Beware: the original value stored in ISDS or in a
        locally saved message remains untouched.

Shigofumi uses libisds, which utilizes the cURL library, which can use
three different cryptographic libraries at this time: OpenSSL, GnuTLS and
NSS. Each library has a different set of features and a different
configuration. Thus the exact meaning of some Shigofumi configuration
options can be slightly shifted (e.g. the name of the client certificate
and key). Some options cannot be understood at all (e.g. GnuTLS does not
support a directory of certificates).

The current cryptographic library can be determined from the output of
shigofumi -V.

~/.shigofumirc
    Default location of the configuration file.

    base_url = "https://www.czebox.cz/"
    # These credentials are invalid
    username = "1s79vd"
    password = "XY123456"
    verify_server = true
    ca_file = "/etc/ssl/certs/ca-certificates.crt"
    ca_directory = "/etc/ssl/certs"
    crl_file = "/etc/ssl/crl"
    log_facilities = {"http", "soap"}
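
Added example, not part of Shigofumi or its documentation: a small auditor that reads the option = value syntax described above and reports the settings this page warns about (unquoted strings, a disabled verify_server, a base_url lacking the https:// scheme or trailing slash, a stored password in a file others can access). The function names, the sample text and the permission check are assumptions made for illustration.

```python
import re
import stat

STRING_OPTS = {"base_url", "username", "password", "ca_file",
               "ca_directory", "crl_file", "log_file"}

def strip_comment(line):
    """Drop a # comment, but keep a # that sits inside a quoted string."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == "#" and not quoted:
            return line[:i]
    return line

def parse_rc(text):
    """Return {option: raw value text} for every 'option = value' line."""
    opts = {}
    for raw in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.*\S)\s*$", strip_comment(raw))
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit(text, mode):
    """List findings for rc text stored in a file whose st_mode is `mode`."""
    opts, out = parse_rc(text), []
    for name in sorted(opts.keys() & STRING_OPTS):
        v = opts[name]
        if not (len(v) >= 2 and v[0] == v[-1] == '"'):
            out.append(f"{name}: string value is not quoted")
    if opts.get("verify_server", "true").strip('"').lower() in ("false", "0"):
        out.append("verify_server: server identity is not verified")
    url = opts.get("base_url", "").strip('"')
    if url and not (url.startswith("https://") and url.endswith("/")):
        out.append("base_url: needs https:// scheme and trailing slash")
    has_password = bool(opts.get("password", '""').strip('"'))
    if has_password and mode & (stat.S_IRWXG | stat.S_IRWXO):
        out.append("password: file is accessible to group or others")
    return out

# Constructed sample, not a real account; 0o100644 is a world-readable file.
SAMPLE = '''base_url = "http://ws1.czebox.cz"  # testing instance
username = "example"
password = "not#a-real-one"
verify_server = 0
'''
FINDINGS = audit(SAMPLE, 0o100644)
```

For a real file, pass its contents and os.stat(path).st_mode to audit().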

shigofumi(1)

Petr Písař
    He wrote Shigofumi and libisds.

Shigofumi 06/27/2010 SHIGOFUMIRC(5)