|
1 diff -urNp stunnel-4.29-orig/tools/stunnel.conf-sample.in stunnel-4.29/tools/stunnel.conf-sample.in |
|
2 --- stunnel-4.29-orig/tools/stunnel.conf-sample.in 2009-11-08 14:40:24.000000000 -0500 |
|
3 +++ stunnel-4.29/tools/stunnel.conf-sample.in 2010-01-15 16:21:47.000000000 -0500 |
|
4 @@ -3,14 +3,14 @@ |
|
5 ; Please make sure you understand them (especially the effect of the chroot jail) |
|
6 |
|
7 ; Certificate/key is needed in server mode and optional in client mode |
|
8 -cert = @prefix@/etc/stunnel/mail.pem |
|
9 -;key = @prefix@/etc/stunnel/mail.pem |
|
10 +cert = @sysconfdir@/stunnel/mail.crt |
|
11 +;key = @sysconfdir@/stunnel/mail.key |
|
12 |
|
13 ; Protocol version (all, SSLv2, SSLv3, TLSv1) |
|
14 sslVersion = SSLv3 |
|
15 |
|
16 ; Some security enhancements for UNIX systems - comment them out on Win32 |
|
17 -chroot = @prefix@/var/lib/stunnel/ |
|
18 +chroot = @localstatedir@/run/stunnel/ |
|
19 setuid = nobody |
|
20 setgid = @DEFAULT_GROUP@ |
|
21 ; PID is created inside the chroot jail |
|
22 @@ -30,12 +30,13 @@ socket = r:TCP_NODELAY=1 |
|
23 ; CApath is located inside chroot jail |
|
24 ;CApath = /certs |
|
25 ; It's often easier to use CAfile |
|
26 -;CAfile = @prefix@/etc/stunnel/certs.pem |
|
27 +;CAfile = @sysconfdir@/stunnel/certs.pem |
|
28 +;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt |
|
29 ; Don't forget to c_rehash CRLpath |
|
30 ; CRLpath is located inside chroot jail |
|
31 ;CRLpath = /crls |
|
32 ; Alternatively you can use CRLfile |
|
33 -;CRLfile = @prefix@/etc/stunnel/crls.pem |
|
34 +;CRLfile = @sysconfdir@/stunnel/crls.pem |
|
35 |
|
36 ; Some debugging stuff useful for troubleshooting |
|
37 ;debug = 7 |