88242715f4
In many cases, using OpenSSL's default certificate store is fine and even preferred. If your OpenSSL provider (e.g. your distribution) is competent, they will manage this database better than you likely will. With this change, bip will attempt to use the default certificate store if you set CA mode but do not specify a certificate store location. This could be refined to test after enabling the default paths whether the certificate store is empty, and error/warn if so.
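# bip default config file.
# Thou shalt change thy password: the sample user at the end of this file
# ships with a password hash whose cleartext is printed right next to it.

# Listening IP address. This is the IP address bip will listen on for
# incoming client connections.
# "0.0.0.0" accepts clients on every IPv4 interface. While client_side_ssl
# is false (below), the username:password:connectionname login crosses the
# network unencrypted, so bind to a loopback/private address or enable
# client_side_ssl when bip is reachable from networks you do not trust.
ip = "0.0.0.0";

# To connect a client to bip, try the port below, and
# be sure to set the password to the value
# specified in the network you want to connect to.
# Port is 6667 by default.
port = 7778;

# If you set this to true, you'll only be able to connect to bip
# with an SSL-capable IRC client. Be sure to generate a certificate
# for bip using scripts/bipgenconfig.
# Left at false, the client login and everything relayed between your IRC
# client and bip travel in cleartext.
client_side_ssl = false;

# This is the file containing the SSL cert/key pair bip will use to
# serve SSL clients. If unset, it defaults to <biphome>/bip.pem
# It holds the private key: keep it readable by the bip user only.
#client_side_ssl_pem = "/path/to/pemfile";

# Define where the pidfile should be stored. Defaults to <biphome>/bip.pid
#pid_file="/var/run/bip/bip.pid";

# Uncomment this line to disable logging and backlogging.
#log = false;

# Define bip's log level:
#   0 : only fatal errors
#   1 : add other errors
#   2 : add warnings
#   3 : add info messages
#   4 : add debug messages
log_level = 3;

# This is where logs go. Channel and private messages will use that
# configuration value as a prefix, and then log_format to determine
# the full log filename.
# These logs contain private conversations; keep the directory accessible
# to the bip user only.
#log_root = "/var/proxy/logs";

# Uncomment this line to disable logging of bip's internal messages.
# This is not recommended; a better option is to reduce log_level.
#log_system = false;

# Log format allows you to make log filenames depend on the log line's
# attributes. Here's a list:
#   %u -> user name
#   %n -> network name
#   %Y -> 4 digit year
#   %m -> 2 digit month
#   %d -> 2 digit day
#   %h -> 2 digit hour of the day
#   %c -> destination (#chan, nick, ...)
#log_format = "%u/%n/%Y-%m/%c.%d.log";

# Sets the frequency (in seconds) of log syncing (real write to kernel)
#log_sync_interval = 5;
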
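# Network definition, a name and server info
# This sample does not set ssl; the "oftcs" network further down shows the
# TLS variant.
network {
	name = "iiens";
	server { host = "irc.iiens.net"; port = 6667; };
};
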
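# Second sample network, again without ssl. The commented-out line shows a
# second server entry inside the same network block.
network {
	name = "oftc";
	server { host = "irc.oftc.net"; port = 6667; };
	#server { host = "other.oftc.server"; port = 6667; };
};
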
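# SSL network sample. SSL is a per-network option, not per-server!
# ssl = true only turns TLS on for the network; whether the server's
# certificate is actually verified is decided by ssl_check_mode in the
# user {} and connection {} blocks.
network {
	name = "oftcs";
	ssl = true;
	server { host = "ircs.oftc.net"; port = 9999; };
};
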
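# Configuration example with one user who connects to two irc networks
# To use the multi-server feature:
# - define the connections
# - choose and set up a different login for each connection
# on your irc client:
# - Use the multi server feature of your client, the server being each time
#   the server where bip is running. In your client, set the server password to:
#   username:password:connectionname
# - do not store the password in clear here, use the bipmkpw util to generate
#   a hash

# User structure is grouping information for a given user
user {
	# The name in bip of the user
	# This is used by bip only
	name = "bip4ever";
	# this user's password (md5(md5("tata"))) with seed - generated by
	# bipmkpw
	# Sample value only: its cleartext is given in the comment above, so
	# generate your own hash with bipmkpw before exposing bip. The scheme
	# is MD5-based, so pick a long random password and keep this file
	# readable by the bip user only.
	password = "3880f2b39b3b9cb507b052b695d2680859bfc327";

	# Set this to true if you want "bip4ever" to have admin privileges on
	# bip. He'll be able to RELOAD bip and see all users' configuration
	# (except pass)
	admin = true;

	# When bip_use_notice is true, bip will send internal messages like
	# disconnection notifications or /BIP commands replies as notices
	# instead of private messages. The default is false.
	#bip_use_notice = true;

	# SSL certificates checking mode for user:
	# - "none" to accept anything;
	#   With "none" the link to the IRC server is encrypted but the server
	#   is not authenticated, so anyone on the network path can impersonate
	#   it and read what you send (NickServ and server passwords included).
	#   Prefer "basic" or "ca" outside of testing.
	# - "basic" to accept if the certificate is contained in the store;
	#   In "basic" mode, encountered untrusted certificates can be added to
	#   the store interactively by connecting a client and "trusting" them.
	#   Check the certificate fingerprint through another channel before
	#   trusting it: whatever you accept is trusted from then on.
	# - "ca" to do a complete certificate chain checking with the objects
	#   in the store below (you have to put in it every cert, CRL, up to the
	#   root CA). You have to build your store manually, so you may prefer
	#   using "basic" unless you're a crypto zealot...
	#   (Leaving ssl_check_store unset avoids the manual store: bip then
	#   tries the default certificate store of its OpenSSL, see below.)
	ssl_check_mode = "none";

	# Location of the user's store for server SSL certificate check
	# In "basic" mode, that must point to a single file with all trusted
	# certs concatenated together (the interactive "trust" appends to this
	# file).
	# In "ca" mode, it can be either:
	# - a directory of a standard openssl store; you must put PEM objects
	#   (certificates, CRLs...) with .pem extension and run `c_rehash .' in it
	# - a certificate bundle file containing one or more certificates in PEM
	#   format, enclosed in BEGIN CERTIFICATE / END CERTIFICATE lines
	# - unspecified: in this case, bip will attempt to use the default
	#   certificate store of the OpenSSL it is built against
	#   NOTE(review): bip does not appear to check that this default store
	#   is non-empty, so confirm your OpenSSL installation ships CA
	#   certificates before relying on it.
	# Only the bip user should be able to write to the store: whoever can
	# add a certificate to it decides which servers bip trusts.
	ssl_check_store = "/home/bip4ever/.bip/trustedcerts.txt";

	# Some networks (OFTC at least) allow you to authenticate to nickserv
	# using client side certificates, see
	# http://www.oftc.net/oftc/NickServ/CertFP
	# This is where you put your user's certificate.
	# The file authenticates you to the network (and presumably holds the
	# matching private key - confirm), so protect it like a password.
	# ssl_client_certfile = "/home/bip4ever/.bip/bip4ever_client_auth.pem";

	# These will be the defaults for each connection
	default_nick = "bip4ever";
	default_user = "bip4ever";
	default_realname = "bip4ever";

	# Makes bip send, upon connection, the log of each channel and private
	# conversation from the time you were not connected to the proxy.
	#backlog = true;		# enable backlog
	backlog_lines = 10;		# number of lines in backlog, 0 means
					# no limit
	backlog_always = true;		# backlog even lines already backlogged
					# = do not reset backlog when no client
					# attached anymore
	#backlog_no_timestamp = false;	# Disables time stamps if you find them
					# ugly.

	# If backlog_reset_on_talk is true, talking on an irc network has the
	# same effect as issuing /bip blreset <current window>, meaning that
	# stuff logged before the command won't be read back on backlog
	#backlog_reset_on_talk = false;
	#
	# If you have backlog_reset_on_talk set to true, talking in a query
	# will reset the backlog for the query. Same goes for channel. With the
	# following option set to true, talking in a connection will reset the
	# whole connection. The backlog for the current network is reset.
	#backlog_reset_connection = true;

	# If backlog_msg_only is true, only channel and private messages will be
	# backlogged upon the reconnection of a client. Default is false, thus
	# joins, parts, quits, nick changes, topic changes, ... are backlogged
	#backlog_msg_only = false;


	# A user can have multiple connections to irc networks.
	# define a connection:
	connection {
		name = "iiens";		# used by bip only
		network = "iiens";	# which ircnet to connect to

		# You can define ssl_check_mode here, if you want a different
		# behavior than the one defined in the parent user {}.
		#ssl_check_mode = "none";

		# If you have multiple IP addresses, you can set the one you
		# want bip to use here. See manpage for more information.
		#vhost = "192.168.10.6";

		# When source_port is defined, bip will connect to the IRC
		# server from this port number. That means the IRC server will
		# see the socket coming from <your_ip>:source_port.
		#source_port = "4567";

		# these will be sent to the real server
		#nick = "othernick";
		#user = "otheruser";
		#realname = "otheruser";
		# The server password is stored here in cleartext and, since the
		# "iiens" network above does not set ssl, would be sent without
		# TLS.
		#password = "serverpassword";

		# Some options:
		#away_nick = "bip`away";
		# Away message to be set when no client is connected
		#no_client_away_msg = "Having life, knock again later";
		#follow_nick = true;
		#ignore_first_nick = true;

		#autojoin_on_kick = false;
		#ignore_server_capab = false;

		# Autojoined channels:
		channel { name = "#bip"; };
		# Password protected channel
		# (the key is stored in cleartext: one more reason to keep this
		# file private)
		channel {
			name = "#elite_UnDeRgR0uNd";
			key = "sikiour";
		};
		channel {
			name = "#huge(28)_activity";
			# disable backlogging of this channel.
			backlog = false;
		};
	};

	# another connection (optional)
	connection {
		name = "oftc";		# used by bip only
		network = "oftc";	# which ircnet to connect to

		# Some options:
		#away_nick = "bip`away";
		#follow_nick = true;
		#ignore_first_nick = true;
		# on_connect_send keeps the NickServ password in cleartext in this
		# file, and the "oftc" network above is the one without ssl, so
		# the IDENTIFY line would travel unencrypted. Point the connection
		# at an ssl network with certificate checking enabled, or use
		# ssl_client_certfile (CertFP) instead.
		#on_connect_send = "PRIVMSG NickServ :IDENTIFY nspassword";

		# Autojoined channels:
		channel { name = "#bip"; };
	};
};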