openbsd-ports/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
2009-05-28 18:08:49 +00:00

43 lines
1.4 KiB
Plaintext

--- tools/stunnel.conf-sample.in.orig Thu Apr 16 11:10:09 2009
+++ tools/stunnel.conf-sample.in Sun May 17 00:58:19 2009
@@ -3,18 +3,17 @@
; Please make sure you understand them (especially the effect of the chroot jail)
; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/ssl/private/stunnel.pem
+;key = @sysconfdir@/ssl/private/stunnel.key
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = @prefix@/var/lib/stunnel/
-setuid = nobody
-setgid = @DEFAULT_GROUP@
-; PID is created inside the chroot jail
-pid = /stunnel.pid
+chroot = /var/stunnel/
+setuid = _stunnel
+setgid = _stunnel
+pid = /var/run/stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
@@ -30,12 +29,12 @@ socket = r:TCP_NODELAY=1
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/ssl/cert.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/ssl/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7