diff -urNp stunnel-5.10/tools/stunnel.conf-sample.in stunnel-5.10-patch/tools/stunnel.conf-sample.in --- stunnel-5.10/tools/stunnel.conf-sample.in 2015-01-02 09:29:55.000000000 -0500 +++ stunnel-5.10-patch/tools/stunnel.conf-sample.in 2015-01-28 13:47:25.946862677 -0500 @@ -10,7 +10,7 @@ ; A copy of some devices and system files is needed within the chroot jail ; Chroot conflicts with configuration file reload and many other features ; Remember also to update the logrotate configuration. -;chroot = @prefix@/var/lib/stunnel/ +;chroot = @localstatedir@/run/stunnel/ ; Chroot jail can be escaped if setuid option is not used ;setuid = nobody ;setgid = @DEFAULT_GROUP@ @@ -27,8 +27,8 @@ ; ************************************************************************** ; Certificate/key is needed in server mode and optional in client mode -cert = @prefix@/etc/stunnel/mail.pem -;key = @prefix@/etc/stunnel/mail.pem +cert = @sysconfdir@/stunnel/mail.pem +;key = @sysconfdir@/stunnel/mail.pem ; Authentication stuff needs to be configured to prevent MITM attacks ; It is not enabled by default! @@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem ; CApath is located inside chroot jail ;CApath = /certs ; It's often easier to use CAfile -;CAfile = @prefix@/etc/stunnel/certs.pem +;CAfile = @sysconfdir@/stunnel/certs.pem +;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls ; Alternatively CRLfile can be used -;CRLfile = @prefix@/etc/stunnel/crls.pem +;CRLfile = @sysconfdir@/stunnel/crls.pem ; Enable support for the insecure SSLv2 protocol ;options = -NO_SSLv2