bfclient.conf Reference

The bfclient.conf file stores settings about Build Forge security. The file is in the Build Forge installation root directory.

The bfclient.conf file contains settings used to enable secure communications (SSL) and password encryption. It contains the following sections:

Table 1. Connection Properties

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_services_hostname | Specified during installation | n/a | Yes | Hostname where the Build Forge services layer is located |
| bf_services_tcp_port | Specified during installation | n/a | Yes | TCP port for connecting to Build Forge services. It is used when SSL is not specified. |
| bf_services_ssl_port | Specified during installation | n/a | Yes | SSL port for connecting to Build Forge services securely |
| bf_services_preferred_protocol | tcp | ssl, tcp | Yes | For Perl or PHP clients, specifies SSL or TCP for making connections. For Java clients, the SecureAPIClientConnection object specifies SSL and APIClientConnection specifies TCP. |

Table 2. Login Properties

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_login_user | None | UserID in Build Forge users list | No | Used as the login ID. The login ID can also be specified within a client program. |
| bf_login_password | None | Password for bf_login_user | Yes, if bf_login_user is used | Password for bf_login_user |
| bf_login_realm | None | LDAP domain name | No | LDAP domain to query if the user is not already in the User table. |

Table 3. SSL properties used by both OpenSSL and JSSE

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_ssl_usage | None | jsse, openssl | Yes | Selects the SSL implementation. Depending on the selection, different properties are available. |
| bf_ssl_cipher_group | ALL | ALL, HIGH, MEDIUM, LOW | No | Specifies the group of ciphers to be provided during the SSL handshake. HIGH is the most secure, LOW gives the best performance, ALL is the most interoperable. |
| bf_ssl_cipher_override | None | Cipher suites that you provide | No | Overrides bf_ssl_cipher_group. Can be used to choose a smaller set of ciphers to use during the SSL handshake. |
| bf_ssl_protocol | TLSv1 | TLSv1, SSLv3. Can vary with implementation. | No | Handshake protocol used by SSL. TLSv1 is the preferred protocol. |
| bf_ssl_cert_alias | None | Valid certificate alias in the configured keystore | No | Specifies the certificate to use. This is possible when multiple certificates are in the same keystore. |

Table 4. SSL properties used only with OpenSSL

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_ssl_key_ref | openssl_key | Any valid PEM keystore reference which contains a private key | No | Reference to a keystore configuration that contains a private key for the client to use when connecting to a server. When used, you must also specify a valid certificate for this private key in bf_ssl_cert_ref. Used only when the server is set up to request personal certificates. |
| bf_ssl_cert_ref | openssl_cert | Any valid PEM keystore reference that contains a certificate for the specified private key | No | Reference to a keystore configuration that contains a certificate for the private key above. Used only when the server is set up to request personal certificates. |
| bf_ssl_ca_ref | openssl_ca | Any valid PEM keystore reference that contains one or more certificates used to validate the server certificates which this client is connecting to | Yes | Reference to a keystore configuration that contains one or more signer certificates used to validate server certificates during an SSL handshake. The certificates can be CA root, intermediate, or self-signed. |

Table 5. SSL properties used only with JSSE

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_ssl_keystore_ref | jsse_keystore | Any valid PKCS12, JKS, or JCEKS keystore reference that contains a keyEntry (private key and certificate) | No | Reference to a keystore configuration that contains a personal certificate (private key and associated certificate) for the client to use when connecting to a server. This is necessary only when the server requests a personal certificate for client authentication. |
| bf_ssl_truststore_ref | jsse_truststore | Any valid PKCS12, JKS, or JCEKS keystore reference that contains a keyEntry (private key and certificate) | Yes | Reference to a keystore configuration that contains signer certificates used to validate server certificates during an SSL handshake. The keystore contains one or more trustedCertEntries, which are certificates used to validate other certificate signatures. |

Table 6. Keystore properties

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_keystore_alias | Various | String | Yes | This is the name an SSL configuration uses to refer to the keystore configuration. |
| bf_keystore_location | Various | Relative or fully qualified path to a keystore of the type specified | Yes | This is the path and location to the keystore of the type specified. The path can be a relative path, but it must be correct with respect to the starting directory. |
| bf_keystore_type | PEM for openssl, PKCS12 for jsse | PEM for openssl. PKCS12, JCEKS, or JKS for jsse | Yes | The type of the keystore. Must match the actual keystore type referenced by the bf_keystore_location property. |
| bf_keystore_password | Specified during installation | A string supported by the keystore type. Some keystores do not support non-ASCII strings. | No | The password for accessing the keystore. For OpenSSL, the password is usually not required for Cert and CA keystores containing just public keys. |

Table 7. Cryptographic Properties

| Attribute name | Default | Possible Values | Required | Description |
|---|---|---|---|---|
| bf_pw_crypt_enabled | false | true, false | No | Specifies whether passwords are encoded (false) or encrypted (true). When enabled, the password encryption implementation uses a file called bfpwcrypt.conf located in the same directory as bfclient.conf. |
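
An added example (not IBM or Build Forge code): a small Python audit that applies the defaults and the security notes from the tables above to the contents of a bfclient.conf. The line syntax (`name value` or `name=value`, `#` comments) and the sample values are assumptions constructed for illustration, since this page does not show the file format.

```python
import re

# Defaults as listed in the tables on this page.
DEFAULTS = {"bf_services_preferred_protocol": "tcp", "bf_ssl_cipher_group": "ALL",
            "bf_ssl_protocol": "TLSv1", "bf_pw_crypt_enabled": "false",
            "bf_ssl_ca_ref": "openssl_ca", "bf_ssl_truststore_ref": "jsse_truststore"}

def parse(text):
    """Return (name, value) pairs. ASSUMED syntax: 'name value' or 'name=value'; '#' comments."""
    lines = [l.strip() for l in text.splitlines()]
    split = [re.split(r"\s*=\s*|\s+", l, maxsplit=1) for l in lines if l and not l.startswith("#")]
    return [(p[0], p[1] if len(p) > 1 else "") for p in split]

def audit(text):
    """Return [(setting, reason)] for values the reference marks as weaker or unresolved."""
    pairs = parse(text)
    conf = {**DEFAULTS, **dict(pairs)}
    aliases = {v for k, v in pairs if k == "bf_keystore_alias"}  # one per keystore block
    out = []
    if conf["bf_services_preferred_protocol"].lower() != "ssl":
        out.append(("bf_services_preferred_protocol", "Perl/PHP clients connect over plain TCP"))
    if conf["bf_ssl_cipher_group"].upper() != "HIGH" and "bf_ssl_cipher_override" not in conf:
        out.append(("bf_ssl_cipher_group", "only HIGH is described as the most secure group"))
    if conf["bf_ssl_protocol"].lower() == "sslv3":
        out.append(("bf_ssl_protocol", "TLSv1 is the preferred handshake protocol"))
    stores_pw = any(k in ("bf_login_password", "bf_keystore_password") for k, _ in pairs)
    if stores_pw and conf["bf_pw_crypt_enabled"].lower() != "true":
        out.append(("bf_pw_crypt_enabled", "stored passwords are encoded, not encrypted"))
    usage = conf.get("bf_ssl_usage", "").lower()
    ref = {"openssl": "bf_ssl_ca_ref", "jsse": "bf_ssl_truststore_ref"}.get(usage)
    if ref is None:
        out.append(("bf_ssl_usage", "required; must be jsse or openssl"))
    elif conf[ref] not in aliases:
        out.append((ref, f"'{conf[ref]}' matches no bf_keystore_alias"))
    return out

# Constructed sample files (not taken from a real installation).
WEAK = """bf_services_preferred_protocol tcp
bf_ssl_usage openssl
bf_ssl_protocol SSLv3
bf_login_password example-password
bf_ssl_ca_ref my_ca"""
HARDENED = """bf_services_preferred_protocol=ssl
bf_ssl_usage=jsse
bf_ssl_cipher_group=HIGH
bf_pw_crypt_enabled=true
bf_keystore_alias=jsse_truststore"""

for setting, reason in audit(WEAK):
    print(f"{setting}: {reason}")
```

The trust reference check relies on the documented defaults: with `bf_ssl_usage` set to jsse and no `bf_ssl_truststore_ref` line, the reference resolves to `jsse_truststore` and must match a `bf_keystore_alias`.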
