codex_server is the binary for the server. The following command-line options are recognized:

-c <config_file>
    The configuration file for this server.
-s <section>
    The relevant section of the configuration file. If not provided, the default section will be used.

The configuration file must be in OpenSSL's CONF format and should define the following fields:

nhosts
    The number of servers in the quorum system.
hostnum
    The number identifying this server. Valid numbers are 0 through nhosts-1.
host<i>
    The address of server number <i>. There should be one of these fields for each of the nhosts servers.
ciphers
    A list of ciphers to use in creating secure links, in order of preference. Since codex_server uses the TLSv1 protocol, the appropriate value of this parameter can be obtained by running the command: openssl ciphers -tls1
client_port
    This specifies the port on which this server listens for client connections.
server_port
    [optional] If present, this specifies the port on which servers listen for connections from other servers.
server_port<i>
    [optional] If present, this specifies the port on server <i> on which it listens for connections from other servers. Either server_port must be defined or this field must be specified for every server. A mixed mode is allowed, if some servers are exceptions to the general configuration.
ca_cert_file
    The file (in PEM format) containing the certification authority's certificate.
service_cert_file
    The file (in PEM format) containing the service's certificate.
server<i>_cert_file
    The file (in PEM format) containing the certificate for server <i>.
service_eg_public_file
    The file (in ASN.1 format) containing the service's ElGamal public key.
server_private_file
    The file (in PEM format) containing this server's RSA private key.
private_key_passwd
    [optional] The password for reading the private key in server_private_file. It is not advised to define this, but it is provided to simplify testing.
rsa_shares_file
    The file (in ASN.1 format) containing this server's shares of the service's RSA private key.
rsa_witness_file
    The file (in ASN.1 format) containing the public witness for the service's RSA private key.
elgamal_shares_file
    The file (in ASN.1 format) containing this server's shares of the service's ElGamal private key.
elgamal_witness_file
    The file (in ASN.1 format) containing the public witness for the service's ElGamal private key.
apss_interval
    The amount of time between runs of the APSS protocol, in seconds. In order to optimize for a designated coordinator, simply set one server's interval a suitable amount smaller than the rest.

Here is an example of a relevant section in a configuration file:

    [ server1 ]
    nhosts = 4
    hostnum = 1
    # Refresh shares every 5 minutes.
    apss_interval = 300
    # This is an artificially short list.
    ciphers = EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA
    host0 = foo1.bar.org
    host1 = foo2.bar.org
    host2 = foo3.bar.org
    host3 = foo4.bar.org
    # Server 2 listens for other servers on a different port than the others.
    client_port = 3456
    server_port = 4567
    server_port2 = 4568
    public_dir = /etc/CODEX/pubkeys
    ca_cert_file = ${public_dir}/CA.cert.pem
    service_cert_file = ${public_dir}/service.cert.pem
    rsa_witness_file = ${public_dir}/service.rsa.witness
    server0_cert_file = ${public_dir}/foo1.cert.pem
    server1_cert_file = ${public_dir}/foo2.cert.pem
    server2_cert_file = ${public_dir}/foo3.cert.pem
    server3_cert_file = ${public_dir}/foo4.cert.pem
    service_eg_public_file = ${public_dir}/service.eg.pub
    elgamal_witness_file = ${public_dir}/service.eg.witness
    private_dir = /etc/CODEX/privkeys
    server_private_file = ${private_dir}/foo2.private.pem
    rsa_shares_file = ${private_dir}/foo2.rsa.shares
    elgamal_shares_file = ${private_dir}/foo2.elgamal.shares

The command-line option -s server1 would then be supplied to specify that this is the section to load. If multiple servers share a common configuration file, the common configuration can be put in the default (unnamed) section and server-specific information in the named sections.
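
The field rules above (hostnum range, one host<i> and server<i>_cert_file per server, server_port or server_port<i> for every server, private_key_passwd discouraged) can be checked before deployment. The following is an added example, not part of codex_server: load_section and check are hypothetical names, and the reader is a simplified stand-in for OpenSSL's CONF parser that ignores ${var} expansion and quoting.

```python
import re

# Mandatory fields from the list above; optional ones are handled in check().
REQUIRED = """ciphers client_port ca_cert_file service_cert_file service_eg_public_file
server_private_file rsa_shares_file rsa_witness_file elgamal_shares_file
elgamal_witness_file apss_interval""".split()

def load_section(text, section):
    """Simplified CONF reader: the named section layered over the default one."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments (no quoting support)
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            sections.setdefault(current := header.group(1), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return {**sections["default"], **sections.get(section, {})}

def check(conf):
    """Return (errors, warnings) for one server's merged configuration."""
    errors, warnings, needed = [], [], list(REQUIRED)
    if not (conf.get("nhosts", "").isdecimal() and conf.get("hostnum", "").isdecimal()):
        return ["nhosts and hostnum must both be non-negative integers"], warnings
    nhosts, hostnum = int(conf["nhosts"]), int(conf["hostnum"])
    if hostnum >= nhosts:
        errors.append(f"hostnum {hostnum} outside 0..{nhosts - 1}")
    for i in range(nhosts):
        needed += [f"host{i}", f"server{i}_cert_file"]
        if "server_port" not in conf and f"server_port{i}" not in conf:
            errors.append(f"missing server_port or server_port{i}")
    errors += [f"missing {key}" for key in needed if key not in conf]
    if "private_key_passwd" in conf:
        warnings.append("private_key_passwd set: key password is stored in the file")
    return errors, warnings

# Constructed sample: shared values in the default section, mistakes in [ server1 ].
SAMPLE = """\
nhosts = 2
host0 = foo1.bar.org
server_port1 = 4568   # no general server_port, so server 0 has no port
[ server1 ]
hostnum = 2           # out of range for nhosts = 2
private_key_passwd = example-only
"""

if __name__ == "__main__":
    print(check(load_section(SAMPLE, "server1")))
```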