openbsd-ports/security/stunnel/patches/patch-tools_stunnel_conf-sample_in

--- tools/stunnel.conf-sample.in.orig	Sun Jul 24 06:51:56 2011
+++ tools/stunnel.conf-sample.in	Wed Sep  7 12:06:13 2011
@@ -8,10 +8,10 @@
 
 ; A copy of some devices and system files is needed within the chroot jail
 ; Chroot conflicts with configuration file reload and many other features
-chroot = @prefix@/var/lib/stunnel/
+chroot = /var/stunnel/
 ; Chroot jail can be escaped if setuid option is not used
-setuid = nobody
-setgid = @DEFAULT_GROUP@
+setuid = _stunnel
+setgid = _stunnel
 
 ; PID is created inside the chroot jail
 pid = /stunnel.pid
@@ -25,8 +25,8 @@ pid = /stunnel.pid
 ; *****************************************************************************
 
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/ssl/stunnel.pem
+;key = @sysconfdir@/ssl/private/stunnel.key
 
 ; Authentication stuff needs to be configured to prevent MITM attacks
 ; It is not enabled by default!
@@ -35,12 +35,12 @@ cert = @prefix@/etc/stunnel/mail.pem
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/ssl/cert.pem
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/ssl/crls.pem
 
 ; Disable support for insecure SSLv2 protocol
 options = NO_SSLv2
update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`--- tools/stunnel.conf-sample.in.orig Sun Jul 24 06:51:56 2011`
			`+++ tools/stunnel.conf-sample.in Wed Sep 7 12:06:13 2011`
			`@@ -8,10 +8,10 @@`
update to v4.05 add chroot/privdrop from Michael Schubert 2004-02-16 07:33:18 -05:00
update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`; A copy of some devices and system files is needed within the chroot jail`
			`; Chroot conflicts with configuration file reload and many other features`
stunnel 4.15 2006-03-23 10:49:53 -05:00			`-chroot = @prefix@/var/lib/stunnel/`
update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`+chroot = /var/stunnel/`
			`; Chroot jail can be escaped if setuid option is not used`
update to v4.05 add chroot/privdrop from Michael Schubert 2004-02-16 07:33:18 -05:00			`-setuid = nobody`
stunnel v4.18 2006-09-27 11:30:10 -04:00			`-setgid = @DEFAULT_GROUP@`
update to v4.05 add chroot/privdrop from Michael Schubert 2004-02-16 07:33:18 -05:00			`+setuid = _stunnel`
			`+setgid = _stunnel`

update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`; PID is created inside the chroot jail`
			`pid = /stunnel.pid`
			`@@ -25,8 +25,8 @@ pid = /stunnel.pid`
			`; *****************************************************************************`

			`; Certificate/key is needed in server mode and optional in client mode`
			`-cert = @prefix@/etc/stunnel/mail.pem`
			`-;key = @prefix@/etc/stunnel/mail.pem`
			`+cert = @sysconfdir@/ssl/stunnel.pem`
			`+;key = @sysconfdir@/ssl/private/stunnel.key`

			`; Authentication stuff needs to be configured to prevent MITM attacks`
			`; It is not enabled by default!`
			`@@ -35,12 +35,12 @@ cert = @prefix@/etc/stunnel/mail.pem`
stunnel v4.13 2005-10-22 14:00:32 -04:00			`; CApath is located inside chroot jail`
stunnel 4.06 2004-12-27 03:24:44 -05:00			`;CApath = /certs`
stunnel v4.13 2005-10-22 14:00:32 -04:00			`; It's often easier to use CAfile`
stunnel 4.06 2004-12-27 03:24:44 -05:00			`-;CAfile = @prefix@/etc/stunnel/certs.pem`
update to stunnel v4.27 2009-05-28 14:08:49 -04:00			`+;CAfile = @sysconfdir@/ssl/cert.pem`
stunnel v4.13 2005-10-22 14:00:32 -04:00			`; Don't forget to c_rehash CRLpath`
			`; CRLpath is located inside chroot jail`
stunnel 4.06 2004-12-27 03:24:44 -05:00			`;CRLpath = /crls`
update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`; Alternatively CRLfile can be used`
stunnel 4.06 2004-12-27 03:24:44 -05:00			`-;CRLfile = @prefix@/etc/stunnel/crls.pem`
			`+;CRLfile = @sysconfdir@/ssl/crls.pem`
update to v4.05 add chroot/privdrop from Michael Schubert 2004-02-16 07:33:18 -05:00
update to stunnel 4.43, ok jakob@, reads good to william@ - take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config. 2011-09-14 20:42:21 -04:00			`; Disable support for insecure SSLv2 protocol`
			`options = NO_SSLv2`