stunnel/stunnel-4-sample.patch

40 lines
1.6 KiB
Diff
Raw Normal View History

diff -urNp stunnel-4.41/tools/stunnel.conf-sample.in stunnel-4.41-cvs-patched/tools/stunnel.conf-sample.in
--- stunnel-4.41/tools/stunnel.conf-sample.in 2011-07-24 01:51:56.000000000 -0400
+++ stunnel-4.41-cvs-patched/tools/stunnel.conf-sample.in 2011-08-01 17:54:00.032071605 -0400
@@ -8,7 +8,7 @@
; A copy of some devices and system files is needed within the chroot jail
; Chroot conflicts with configuration file reload and many other features
-chroot = @prefix@/var/lib/stunnel/
+chroot = @localstatedir@/run/stunnel/
; Chroot jail can be escaped if setuid option is not used
setuid = nobody
setgid = @DEFAULT_GROUP@
@@ -25,8 +25,8 @@ pid = /stunnel.pid
; *****************************************************************************
; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/mail.pem
+;key = @sysconfdir@/stunnel/mail.pem
; Authentication stuff needs to be configured to prevent MITM attacks
; It is not enabled by default!
@@ -35,12 +35,13 @@ cert = @prefix@/etc/stunnel/mail.pem
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2