911192190c
- take maintainer, suggested by jakob - pid is now created inside the chroot jail, note you may want to set "pid = /stunnel.pid" in config.
43 lines
1.5 KiB
Plaintext
43 lines
1.5 KiB
Plaintext
--- tools/stunnel.conf-sample.in.orig Sun Jul 24 06:51:56 2011
|
|
+++ tools/stunnel.conf-sample.in Wed Sep 7 12:06:13 2011
|
|
@@ -8,10 +8,10 @@
|
|
|
|
; A copy of some devices and system files is needed within the chroot jail
|
|
; Chroot conflicts with configuration file reload and many other features
|
|
-chroot = @prefix@/var/lib/stunnel/
|
|
+chroot = /var/stunnel/
|
|
; Chroot jail can be escaped if setuid option is not used
|
|
-setuid = nobody
|
|
-setgid = @DEFAULT_GROUP@
|
|
+setuid = _stunnel
|
|
+setgid = _stunnel
|
|
|
|
; PID is created inside the chroot jail
|
|
pid = /stunnel.pid
|
|
@@ -25,8 +25,8 @@ pid = /stunnel.pid
|
|
; *****************************************************************************
|
|
|
|
; Certificate/key is needed in server mode and optional in client mode
|
|
-cert = @prefix@/etc/stunnel/mail.pem
|
|
-;key = @prefix@/etc/stunnel/mail.pem
|
|
+cert = @sysconfdir@/ssl/stunnel.pem
|
|
+;key = @sysconfdir@/ssl/private/stunnel.key
|
|
|
|
; Authentication stuff needs to be configured to prevent MITM attacks
|
|
; It is not enabled by default!
|
|
@@ -35,12 +35,12 @@ cert = @prefix@/etc/stunnel/mail.pem
|
|
; CApath is located inside chroot jail
|
|
;CApath = /certs
|
|
; It's often easier to use CAfile
|
|
-;CAfile = @prefix@/etc/stunnel/certs.pem
|
|
+;CAfile = @sysconfdir@/ssl/cert.pem
|
|
; Don't forget to c_rehash CRLpath
|
|
; CRLpath is located inside chroot jail
|
|
;CRLpath = /crls
|
|
; Alternatively CRLfile can be used
|
|
-;CRLfile = @prefix@/etc/stunnel/crls.pem
|
|
+;CRLfile = @sysconfdir@/ssl/crls.pem
|
|
|
|
; Disable support for insecure SSLv2 protocol
|
|
options = NO_SSLv2
|