1ff588bc09
- Updated local patches. - Fix for CVE-2014-0016 - Fixed changelog date errors - Fixes rhbz #1006819
40 lines
1.6 KiB
Diff
40 lines
1.6 KiB
Diff
diff -urNp stunnel-5.00-patched/tools/stunnel.conf-sample.in stunnel-5.00-current/tools/stunnel.conf-sample.in
|
|
--- stunnel-5.00-patched/tools/stunnel.conf-sample.in 2014-03-07 14:04:50.015418514 -0500
|
|
+++ stunnel-5.00-current/tools/stunnel.conf-sample.in 2014-03-07 14:06:45.501516446 -0500
|
|
@@ -9,7 +9,7 @@
|
|
|
|
; A copy of some devices and system files is needed within the chroot jail
|
|
; Chroot conflicts with configuration file reload and many other features
|
|
-chroot = @prefix@/var/lib/stunnel/
|
|
+chroot = @localstatedir@/run/stunnel/
|
|
; Chroot jail can be escaped if setuid option is not used
|
|
setuid = nobody
|
|
setgid = @DEFAULT_GROUP@
|
|
@@ -26,8 +26,8 @@ pid = /stunnel.pid
|
|
; **************************************************************************
|
|
|
|
; Certificate/key is needed in server mode and optional in client mode
|
|
-cert = @prefix@/etc/stunnel/mail.pem
|
|
-;key = @prefix@/etc/stunnel/mail.pem
|
|
+cert = @sysconfdir@/stunnel/mail.pem
|
|
+;key = @sysconfdir@/stunnel/mail.pem
|
|
|
|
; Authentication stuff needs to be configured to prevent MITM attacks
|
|
; It is not enabled by default!
|
|
@@ -36,12 +36,13 @@ cert = @prefix@/etc/stunnel/mail.pem
|
|
; CApath is located inside chroot jail
|
|
;CApath = /certs
|
|
; It's often easier to use CAfile
|
|
-;CAfile = @prefix@/etc/stunnel/certs.pem
|
|
+;CAfile = @sysconfdir@/stunnel/certs.pem
|
|
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
|
|
; Don't forget to c_rehash CRLpath
|
|
; CRLpath is located inside chroot jail
|
|
;CRLpath = /crls
|
|
; Alternatively CRLfile can be used
|
|
-;CRLfile = @prefix@/etc/stunnel/crls.pem
|
|
+;CRLfile = @sysconfdir@/stunnel/crls.pem
|
|
|
|
; Disable support for insecure SSLv2 protocol
|
|
options = NO_SSLv2
|