stunnel/stunnel-4.27-sample.patch

40 lines
1.4 KiB
Diff
Raw Normal View History

You shouldn't use the sample as-is, but people do.
2009-04-16 17:54:31 +00:00
diff -urN stunnel/tools/stunnel.conf-sample.in stunnel-4.27/tools/stunnel.conf-sample.in
--- stunnel/tools/stunnel.conf-sample.in 2009-04-16 11:10:09.000000000 +0200
+++ stunnel-4.27/tools/stunnel.conf-sample.in 2009-04-16 18:14:02.000000000 +0200
@@ -3,14 +3,14 @@
2009-04-16 17:54:31 +00:00
; Please make sure you understand them (especially the effect of the chroot jail)
; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/mail.crt
+;key = @sysconfdir@/stunnel/mail.key
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = @prefix@/var/lib/stunnel/
+chroot = @localstatedir@/run/stunnel/
setuid = nobody
setgid = @DEFAULT_GROUP@
2009-04-16 17:54:31 +00:00
; PID is created inside the chroot jail
@@ -30,12 +30,13 @@
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
2009-04-16 17:54:31 +00:00
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7