
Diff of /nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example


fetchcrl/fetch-crl.cnf.example revision 1758 by davidg, Fri Jun 11 15:39:04 2010 UTC nl.nikhef.pdp.fetchcrl/trunk/fetch-crl.cnf.example revision 3275 by davidg, Thu Jan 16 20:33:09 2020 UTC
# Line 6  Line 6 
6  # use SEMICOLON (;) or \001 (^A) as list separators in values  # use SEMICOLON (;) or \001 (^A) as list separators in values
7  #  #
8  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
9    # cfgdir sets the directory where subordinate configuration files are
10    # found. These files are read in addition to the main config file.
11    # The default directory is /etc/fetch-crl.d/ and is used by default, so
12    # to suppress this behaviour set this to the empty value ""
13    #
14    # cfgdir = /etc/fetch-crl.d
15    #
16    # ---------------------------------------------------------------------------
17  # infoset set the location where the meta-data files (.info or .crl_url)  # infoset set the location where the meta-data files (.info or .crl_url)
18  # are help by default. All trust anchors listed there are processes, so  # are help by default. All trust anchors listed there are processes, so
19  # to suppress this behaviour set this to the empty value ""  # to suppress this behaviour set this to the empty value ""
# Line 93  Line 101 
101  #  #
102  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@  # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@
103  #  #
104    # When @HASH@ (c_hash from default OpenSSL version as based on the retrieved
105    # CRL) is used in this template list, a CRL will *always* be retrieved first,
106    # even if no corresponding trust anchor is found later. Use of @HASH@ is
107    # only recommended in case the name of the crl_url or info file is different
108    # from the name of the trust anchor.
109    #
110    # catemplate  = @ALIAS@.pem; @ALIAS@.@R@; @ANCHORNAME@.@R@; @HASH@.0
111    #
112  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
113  # opensslmode is used if the openssl format for output is specified and also  # opensslmode is used if the openssl format for output is specified and also
114  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data  # OpenSSL version 1.0.0 or higher are used. If so, you can have the CRL data
# Line 111  Line 127 
127  # nonssverify  # nonssverify
128  #  #
129  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
130    # use up to <parallelism> thread in parallel to retrieve and install CRLs
131    # This feature is likely NOT COMPATIBLE with the use of NSS databases for
132    # CRLs, due to thread contention issues
133    #
134    # parallelism = 5
135    #
136    # ---------------------------------------------------------------------------
137  # wait up to <randomwait> seconds before doing anything at all  # wait up to <randomwait> seconds before doing anything at all
138  # useful for randoming the start time and download from cron across the world  # useful for randoming the start time and download from cron across the world
139  #  #
# Line 148  Line 171 
171  #  #
172  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
173  # noerrors suppresses the pritning and logging or any and all errors (but  # noerrors suppresses the pritning and logging or any and all errors (but
174  # not warnings or verbose messages)  # not warnings or verbose messages). It also suppresses retrieval errors.
175  #  #
176  # noerrors  # noerrors
177  #  #
178  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
179    # rcmode determines if the return code of fetch-crl will be influenced by
180    # CRL retrieval errors. If rcmode is "normal" (default), any reported errors
181    # will cause the return exit status to be "1".
182    #  normal             - both retrieval and other errors set exit code 1
183    #  differentiated     - retrieval errors result in exit code 2, presence
184    #                       of any other reported errors result in exit 1
185    #  noretrievalerrors  - retrieval errors only results in exit code 0, presence
186    #                       of any other reported errors result in exit 1
187    # Note that setting "noerrors" will suppress retrieval errors entirely!
188    #
189    # rcmode = normal
190    #
191    # ---------------------------------------------------------------------------
192    # noquiet ignores a single "-q" option on the commandline and honours the
193    # verbosity set here even if -q is specified. To counter this setting, give
194    # at least two (2) "-q" arguments
195    #
196    # noquiet
197    #
198    # ---------------------------------------------------------------------------
199  # agingtolerance sets the time in hours before retrieval warnings become  # agingtolerance sets the time in hours before retrieval warnings become
200  # errors for a CRL retrieval. If you also suppress warnings, you will  # errors for a CRL retrieval. If you also suppress warnings, you will
201  # prevent any annoying messages for a trust anchor for up to <hrs> hours.  # prevent any annoying messages for a trust anchor for up to <hrs> hours.
# Line 162  Line 205 
205  # agingtolerance = 24  # agingtolerance = 24
206  #  #
207  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
208    # cache_control_request sends a cache-control max-age hint towards the
209    # server in the HTTP request, that suggests to intermediate caches and
210    # reverse proxies to cache CRL replies no longer than the specified time
211    # This control is a hint towards caching servers and CDNs and cannot be
212    # enforced. It does NOT affect the cache local to fetch-crl
213    # Default is unset, and no Cache-control header will be sent unless this
214    # config option is specified
215    #
216    # cache_control_request = 3600
217    #
218    # ---------------------------------------------------------------------------
219  # prepend_url URLs are tried first before using any URLs form the crl_url  # prepend_url URLs are tried first before using any URLs form the crl_url
220  # file or the .info crl_url (crl_url.0) fields  # file or the .info crl_url (crl_url.0) fields
221  #  #
# Line 196  Line 250 
250  # stateless  # stateless
251  #  #
252  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
253    # By default, the perl LWP library does not use IPv6 network sockets. The
254    # perl module Net::INET6GLUE::INET6_as_INET can mitigate this behaviour
255    # by re-mapping all INET socket calls to INET6 socket calls. If you have
256    # the Net::INET6Glue module installed, you may enable this flag in the
257    # cofiguration. Note: the Net::INET6Glue module MUST be installed for this
258    # flag to work. Installation of this module is options and it does not
259    # ship by default with fetch-crl3. You can obtain this module from CPAN.
260    #
261    # inet6glue
262    #
263    # ---------------------------------------------------------------------------
264    # To run a script after the completion of every fetch-crl run, set this
265    # path to point to an executable. The named program will be invoked
266    # with the following arguments
267    #   "v1" "global" <infodir-path> <cadir-path> <output-path>
268    # - return code of the program will influence return status of fetch-crl
269    # - this must be a program path - no arguments are allowed here. Use wrapping
270    #   in a script if you must pass your own arguments as well
271    #
272    # postexec = <path>
273    #
274    # ---------------------------------------------------------------------------
275    # override the UserAgent string used for all downloads. This may be needed
276    # if you hit an over-active firewall or proxy in your network path that
277    # blocks apparent libwww-perl user agents. Can also be set per trust anchor
278    #
279    # user_agent = <string>
280    #
281    # ---------------------------------------------------------------------------
282  # override version or packager to influence the User-Agent header in http  # override version or packager to influence the User-Agent header in http
283  # requests. But please leave them alone  # requests. But please leave them alone
284  # version = 3.0  # version = 3.0
# Line 238  Line 321 
321  #nowarnings  #nowarnings
322  #  #
323  # ---------------------------------------------------------------------------  # ---------------------------------------------------------------------------
324    # Do not process symlinked meta-data, preventing triple downloads with
325    # the new-format IGTF distribution before release 1.37 (1.33 up to and
326    # including 1.36 also symlinked the .info file to the hash names)
327    #nosymlinks
328    #
329    # ---------------------------------------------------------------------------
330    # To run a script after the successful completion of each CRL retrieval set
331    # path to point to an executable. The named program will be invoked
332    # with the following arguments
333    #   "v1" "ta" <ta-alias> <infofilename> <cadir-path> <output-path>
334    # - return code of the program will influence return status of fetch-crl
335    # - program may run IN PARALLEL, so should be written to permit concurrent
336    #   execution
337    # - this must be a program path - no arguments are allowed here. Use wrapping
338    #   in a script if you must pass your own arguments as well
339    #
340    # postexec = <path>
341    #
342    # ---------------------------------------------------------------------------
343  # You can also (un) set the following on a per-trust anchor basis:  # You can also (un) set the following on a per-trust anchor basis:
344  #  #
345  # (no)prepend_url (no)postpend_url (no)http_proxy (no)statedir  --  # (no)prepend_url (no)postpend_url (no)http_proxy (no)statedir  --
# Line 247  Line 349 
349  #         override a global setting (no value possible)  #         override a global setting (no value possible)
350  #  #
351  # agingtolerance httptimeout nametemplate_der nametemplate_pem  # agingtolerance httptimeout nametemplate_der nametemplate_pem
352  # cadir catemplate  # cadir catemplate user_agent
353  #         set these to a local value (but they cannot be unset)  #         set these to a local value (but they cannot be unset)
354  #  #
355  #  #
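Review bot: The two new `postexec` blocks (new lines 264-272 and 330-340) document the hook's arguments and return-code handling but not which account the program runs as or what ownership and permissions its path needs. The hook presumably runs with the privileges of the fetch-crl process itself (often a cron job that can write the CRL output directory), so a hook path or parent directory writable by another account would let that account run code as the fetch-crl user. I would add a bullet to both blocks, for example `# - the program runs with the privileges of fetch-crl; the file and its parent directories must be writable only by that user or root`. Both blocks also use the same key name `postexec`, and the enclosing section headers lie outside the visible hunks, so each comment should state whether it applies globally or per trust anchor.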
