2006-10-25 00:47:56 +00:00
|
|
|
You shouldn't use the sample as-is, but people do.
|
|
|
|
|
2009-04-16 17:54:31 +00:00
|
|
|
diff -urN stunnel/tools/stunnel.conf-sample.in stunnel-4.27/tools/stunnel.conf-sample.in
|
|
|
|
--- stunnel/tools/stunnel.conf-sample.in 2009-04-16 11:10:09.000000000 +0200
|
|
|
|
+++ stunnel-4.27/tools/stunnel.conf-sample.in 2009-04-16 18:14:02.000000000 +0200
|
2006-10-25 00:47:56 +00:00
|
|
|
@@ -3,14 +3,14 @@
|
2009-04-16 17:54:31 +00:00
|
|
|
; Please make sure you understand them (especially the effect of the chroot jail)
|
2006-10-25 00:47:56 +00:00
|
|
|
|
|
|
|
; Certificate/key is needed in server mode and optional in client mode
|
|
|
|
-cert = @prefix@/etc/stunnel/mail.pem
|
|
|
|
-;key = @prefix@/etc/stunnel/mail.pem
|
|
|
|
+cert = @sysconfdir@/stunnel/mail.crt
|
|
|
|
+;key = @sysconfdir@/stunnel/mail.key
|
|
|
|
|
|
|
|
; Protocol version (all, SSLv2, SSLv3, TLSv1)
|
|
|
|
sslVersion = SSLv3
|
|
|
|
|
|
|
|
; Some security enhancements for UNIX systems - comment them out on Win32
|
|
|
|
-chroot = @prefix@/var/lib/stunnel/
|
|
|
|
+chroot = @localstatedir@/run/stunnel/
|
|
|
|
setuid = nobody
|
|
|
|
setgid = @DEFAULT_GROUP@
|
2009-04-16 17:54:31 +00:00
|
|
|
; PID is created inside the chroot jail
|
2006-10-25 00:47:56 +00:00
|
|
|
@@ -30,12 +30,13 @@
|
|
|
|
; CApath is located inside chroot jail
|
|
|
|
;CApath = /certs
|
|
|
|
; It's often easier to use CAfile
|
|
|
|
-;CAfile = @prefix@/etc/stunnel/certs.pem
|
|
|
|
+;CAfile = @sysconfdir@/stunnel/certs.pem
|
2009-04-16 17:54:31 +00:00
|
|
|
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
|
2006-10-25 00:47:56 +00:00
|
|
|
; Don't forget to c_rehash CRLpath
|
|
|
|
; CRLpath is located inside chroot jail
|
|
|
|
;CRLpath = /crls
|
|
|
|
; Alternatively you can use CRLfile
|
|
|
|
-;CRLfile = @prefix@/etc/stunnel/crls.pem
|
|
|
|
+;CRLfile = @sysconfdir@/stunnel/crls.pem
|
|
|
|
|
|
|
|
; Some debugging stuff useful for troubleshooting
|
|
|
|
;debug = 7
|