Commit | Line | Data |
---|---|---|
cd684fa9 | 1 | --- stunnel-4.40/tools/stunnel.conf-sample.in.orig 2011-07-07 16:47:37.000000000 +0000 |
2 | +++ stunnel-4.40/tools/stunnel.conf-sample.in 2011-07-24 09:40:54.658924150 +0000 | |
3dbffcc7 | 3 | @@ -11,11 +11,11 @@ |
cd684fa9 | 4 | ; Chroot conflicts with configuration file reload and many other features |
3dbffcc7 | 5 | ;chroot = @prefix@/var/lib/stunnel/ |
cd684fa9 | 6 | ; Chroot jail can be escaped if setuid option is not used |
a4ee43ea | 7 | -setuid = nobody |
806868e8 | 8 | -setgid = @DEFAULT_GROUP@ |
a4ee43ea | 9 | +setuid = stunnel |
10 | +setgid = stunnel | |
cd684fa9 | 11 | |
3dbffcc7 AM |
12 | ; PID file is created inside the chroot jail (if enabled) |
13 | -;pid = @prefix@/var/run/stunnel.pid | |
d5253945 | 14 | +pid = /var/run/stunnel/stunnel.pid |
a4ee43ea | 15 | |
3dbffcc7 | 16 | ; Debugging stuff (may be useful for troubleshooting) |
cd684fa9 | 17 | ;debug = 7 |
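Review bot: The now-active `pid = /var/run/stunnel/stunnel.pid` line depends on a directory this patch does not create, and nothing in the sample tells the administrator so. `/var/run/stunnel` has to exist before startup, be writable by the `stunnel` account named in the new `setuid`/`setgid` lines, and be re-created at boot where `/var/run` is a tmpfs; the package must also create that account. Because the directory is then owned by the unprivileged service user, a root-run init script that reads the PID file should not act on its contents without checking that the process really is stunnel. I would add a comment above the line, e.g. `; /var/run/stunnel must exist and be writable by the stunnel user`. If `chroot` is enabled later, the context comment says the PID file is created inside the jail, so this absolute path would need revisiting.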
18 | @@ -25,8 +25,8 @@ | |
19 | ; ***************************************************************************** | |
20 | ||
21 | ; Certificate/key is needed in server mode and optional in client mode | |
22 | -cert = @prefix@/etc/stunnel/mail.pem | |
23 | -;key = @prefix@/etc/stunnel/mail.pem | |
24 | +cert = /etc/stunnel/mail.pem | |
25 | +;key = /etc/stunnel/mail.pem | |
26 | ||
27 | ; Authentication stuff needs to be configured to prevent MITM attacks | |
28 | ; It is not enabled by default! | |
29 | @@ -35,12 +35,12 @@ | |
806868e8 | 30 | ; CApath is located inside chroot jail |
31 | ;CApath = /certs | |
2497b503 | 32 | ; It's often easier to use CAfile |
806868e8 | 33 | -;CAfile = @prefix@/etc/stunnel/certs.pem |
6eb17a0c | 34 | +CAfile = /etc/stunnel/certs.pem |
2497b503 | 35 | ; Don't forget to c_rehash CRLpath |
806868e8 | 36 | ; CRLpath is located inside chroot jail |
37 | ;CRLpath = /crls | |
2497b503 | 38 | ; Alternatively CRLfile can be used |
806868e8 | 39 | -;CRLfile = @prefix@/etc/stunnel/crls.pem |
6eb17a0c | 40 | +CRLfile = /etc/stunnel/crls.pem |
806868e8 | 41 | |
cd684fa9 | 42 | ; Disable support for insecure SSLv2 protocol |
43 | options = NO_SSLv2 | |
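Review bot: Uncommenting `CAfile` and `CRLfile` in this hunk does not by itself turn on peer certificate checking. The sample's own comment in the previous hunk says authentication "is not enabled by default", and the `verify` setting that controls it sits in the lines not shown between the two hunks. As far as I recall, stunnel consults these files only when a verify level is set, so the shipped config reads as if a CA and CRL were enforced while peers remain unauthenticated; please confirm against the stunnel 4.40 manual. Either leave both lines commented as upstream does, or add a comment such as `; CAfile/CRLfile only take effect when verify is set`. If verification is enabled later, both files must exist under `/etc/stunnel` and the CRL must be kept current.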
44 | @@ -54,17 +54,17 @@ | |
45 | ; * Service Definitions (remove all services for inetd mode) * | |
46 | ; ***************************************************************************** | |
a4ee43ea | 47 | |
48 | -[pop3s] | |
49 | -accept = 995 | |
50 | -connect = 110 | |
51 | - | |
52 | -[imaps] | |
53 | -accept = 993 | |
54 | -connect = 143 | |
55 | - | |
56 | -[ssmtp] | |
57 | -accept = 465 | |
58 | -connect = 25 | |
d5253945 AG |
59 | +;[pop3s] |
60 | +;accept = 995 | |
61 | +;connect = 110 | |
a4ee43ea | 62 | + |
d5253945 AG |
63 | +;[imaps] |
64 | +;accept = 993 | |
65 | +;connect = 143 | |
a4ee43ea | 66 | + |
d5253945 AG |
67 | +;[ssmtp] |
68 | +;accept = 465 | |
69 | +;connect = 25 | |
a4ee43ea | 70 | |
d5253945 AG |
71 | ;[https] |
72 | ;accept = 443 |