1 diff -urNp stunnel-4.29-orig/tools/stunnel.conf-sample.in stunnel-4.29/tools/stunnel.conf-sample.in

     2 --- stunnel-4.29-orig/tools/stunnel.conf-sample.in	2009-11-08 14:40:24.000000000 -0500

     3 +++ stunnel-4.29/tools/stunnel.conf-sample.in	2010-01-15 16:21:47.000000000 -0500

     4 @@ -3,14 +3,14 @@

     5  ; Please make sure you understand them (especially the effect of the chroot jail)

     6  

     7  ; Certificate/key is needed in server mode and optional in client mode

     8 -cert = @prefix@/etc/stunnel/mail.pem

     9 -;key = @prefix@/etc/stunnel/mail.pem

    10 +cert = @sysconfdir@/stunnel/mail.crt

    11 +;key = @sysconfdir@/stunnel/mail.key

    12  

    13  ; Protocol version (all, SSLv2, SSLv3, TLSv1)

    14  sslVersion = SSLv3

    15  

    16  ; Some security enhancements for UNIX systems - comment them out on Win32

    17 -chroot = @prefix@/var/lib/stunnel/

    18 +chroot = @localstatedir@/run/stunnel/

    19  setuid = nobody

    20  setgid = @DEFAULT_GROUP@

    21  ; PID is created inside the chroot jail

    22 @@ -30,12 +30,13 @@ socket = r:TCP_NODELAY=1

    23  ; CApath is located inside chroot jail

    24  ;CApath = /certs

    25  ; It's often easier to use CAfile

    26 -;CAfile = @prefix@/etc/stunnel/certs.pem

    27 +;CAfile = @sysconfdir@/stunnel/certs.pem

    28 +;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt

    29  ; Don't forget to c_rehash CRLpath

    30  ; CRLpath is located inside chroot jail

    31  ;CRLpath = /crls

    32  ; Alternatively you can use CRLfile

    33 -;CRLfile = @prefix@/etc/stunnel/crls.pem

    34 +;CRLfile = @sysconfdir@/stunnel/crls.pem

    35  

    36  ; Some debugging stuff useful for troubleshooting

    37  ;debug = 7