43 lines
1.4 KiB
Plaintext
43 lines
1.4 KiB
Plaintext
--- tools/stunnel.conf-sample.in.orig Thu Apr 16 11:10:09 2009
|
|
+++ tools/stunnel.conf-sample.in Sun May 17 00:58:19 2009
|
|
@@ -3,18 +3,17 @@
|
|
; Please make sure you understand them (especially the effect of the chroot jail)
|
|
|
|
; Certificate/key is needed in server mode and optional in client mode
|
|
-cert = @prefix@/etc/stunnel/mail.pem
|
|
-;key = @prefix@/etc/stunnel/mail.pem
|
|
+cert = @sysconfdir@/ssl/private/stunnel.pem
|
|
+;key = @sysconfdir@/ssl/private/stunnel.key
|
|
|
|
; Protocol version (all, SSLv2, SSLv3, TLSv1)
|
|
sslVersion = SSLv3
|
|
|
|
; Some security enhancements for UNIX systems - comment them out on Win32
|
|
-chroot = @prefix@/var/lib/stunnel/
|
|
-setuid = nobody
|
|
-setgid = @DEFAULT_GROUP@
|
|
-; PID is created inside the chroot jail
|
|
-pid = /stunnel.pid
|
|
+chroot = /var/stunnel/
|
|
+setuid = _stunnel
|
|
+setgid = _stunnel
|
|
+pid = /var/run/stunnel.pid
|
|
|
|
; Some performance tunings
|
|
socket = l:TCP_NODELAY=1
|
|
@@ -30,12 +29,12 @@ socket = r:TCP_NODELAY=1
|
|
; CApath is located inside chroot jail
|
|
;CApath = /certs
|
|
; It's often easier to use CAfile
|
|
-;CAfile = @prefix@/etc/stunnel/certs.pem
|
|
+;CAfile = @sysconfdir@/ssl/cert.pem
|
|
; Don't forget to c_rehash CRLpath
|
|
; CRLpath is located inside chroot jail
|
|
;CRLpath = /crls
|
|
; Alternatively you can use CRLfile
|
|
-;CRLfile = @prefix@/etc/stunnel/crls.pem
|
|
+;CRLfile = @sysconfdir@/ssl/crls.pem
|
|
|
|
; Some debugging stuff useful for troubleshooting
|
|
;debug = 7
|