cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
gonzalo 8c44bfa2a4 Update for Stunnel to 5.06: 
Security bugfixes

    OpenSSL DLLs updated to version 1.0.1j.
https://www.openssl.org/news/secadv_20141015.txt
    The insecure SSLv2 protocol is now disabled by default. It can be
enabled with "options = -NO_SSLv2".
    The insecure SSLv3 protocol is now disabled by default. It can be
enabled with "options = -NO_SSLv3".
    Default sslVersion changed to "all" (also in FIPS mode) to
autonegotiate the highest supported TLS version.

New features

    Added missing SSL options to match OpenSSL 1.0.1j.
    New "-options" commandline option to display the list of supported
SSL options.

Bugfixes

    Fixed FORK threading build regression bug.


OK gsoares@ (maintainer) OK schwarze@
2014-10-27 13:16:48 +00:00

49 lines
1.7 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-tools_stunnel_conf-sample_in,v 1.12 2014/10/27 13:16:48 gonzalo Exp $
--- tools/stunnel.conf-sample.in.orig Wed Oct 15 09:04:20 2014
+++ tools/stunnel.conf-sample.in Thu Oct 23 10:32:30 2014
@@ -9,13 +9,13 @@
; A copy of some devices and system files is needed within the chroot jail
; Chroot conflicts with configuration file reload and many other features
-;chroot = @prefix@/var/lib/stunnel/
+chroot = /var/stunnel/
; Chroot jail can be escaped if setuid option is not used
-setuid = nobody
-setgid = @DEFAULT_GROUP@
+setuid = _stunnel
+setgid = _stunnel
; PID file is created inside the chroot jail (if enabled)
-;pid = @prefix@/var/run/stunnel.pid
+pid = /stunnel.pid
; Debugging stuff (may be useful for troubleshooting)
;debug = 7
@@ -26,8 +26,8 @@ setgid = @DEFAULT_GROUP@
; **************************************************************************
; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/ssl/stunnel.pem
+;key = @sysconfdir@/ssl/private/stunnel.key
; Authentication stuff needs to be configured to prevent MITM attacks
; It is not enabled by default!
@@ -36,12 +36,12 @@ cert = @prefix@/etc/stunnel/mail.pem
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/ssl/cert.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/ssl/crls.pem
; Enable support for the insecure SSLv2 protocol
;options = -NO_SSLv2
Reference in New Issue View Git Blame Copy Permalink