X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=stunnel-config.patch;h=60ad06b470bed9819745f8bf46f4149311c63427;hb=cd684fa978ec2f87f3e32c9977b1635330f1398c;hp=5b5298574563b1a330ec82827a826b1f6098d7e1;hpb=7d65fc8d93345ce313c7e38caae69819e465b306;p=packages%2Fstunnel.git
diff --git a/stunnel-config.patch b/stunnel-config.patch
index 5b52985..60ad06b 100644
--- a/stunnel-config.patch
+++ b/stunnel-config.patch
@@ -1,31 +1,52 @@ ---- stunnel-4.15/tools/stunnel.conf-sample.in.orig 2006-01-07 14:58:50.000000000 +0100 -+++ stunnel-4.15/tools/stunnel.conf-sample.in 2006-04-01 23:31:04.987918000 +0200 -@@ -3,15 +3,16 @@ - ; Please make sure you understand them (especially the effect of chroot jail) +--- stunnel-4.40/tools/stunnel.conf-sample.in.orig 2011-07-07 16:47:37.000000000 +0000 ++++ stunnel-4.40/tools/stunnel.conf-sample.in 2011-07-24 09:40:54.658924150 +0000 +@@ -8,13 +8,13 @@ - ; Certificate/key is needed in server mode and optional in client mode --cert = @prefix@/etc/stunnel/mail.pem --;key = @prefix@/etc/stunnel/mail.pem -+cert = /etc/stunnel/mail.pem -+;key = /etc/stunnel/mail.pem - - ; Some security enhancements for UNIX systems - comment them out on Win32 + ; A copy of some devices and system files is needed within the chroot jail + ; Chroot conflicts with configuration file reload and many other features -chroot = @prefix@/var/lib/stunnel/ ++;chroot = /var/lib/stunnel/ + ; Chroot jail can be escaped if setuid option is not used -setuid = nobody --setgid = nogroup -+;chroot = @prefix@/var/lib/stunnel/ +-setgid = @DEFAULT_GROUP@ +setuid = stunnel +setgid = stunnel - ; PID is created inside chroot jail + + ; PID is created inside the chroot jail -pid = /stunnel.pid -+;pid = /stunnel.pid +pid = /var/run/stunnel/stunnel.pid - ; Some performance tunings - socket = l:TCP_NODELAY=1 -@@ -43,17 +44,17 @@ + ; Debugging stuff (may useful for troubleshooting) + ;debug = 7 +@@ -25,8 +25,8 @@ + ; ***************************************************************************** + + ; Certificate/key is needed in server mode and optional in client mode +-cert = @prefix@/etc/stunnel/mail.pem +-;key = @prefix@/etc/stunnel/mail.pem ++cert = /etc/stunnel/mail.pem ++;key = /etc/stunnel/mail.pem + + ; Authentication stuff needs to be configured to prevent MITM attacks + ; It is not enabled by default! 
+@@ -35,12 +35,12 @@ + ; CApath is located inside chroot jail + ;CApath = /certs + ; It's often easier to use CAfile +-;CAfile = @prefix@/etc/stunnel/certs.pem ++CAfile = /etc/stunnel/certs.pem + ; Don't forget to c_rehash CRLpath + ; CRLpath is located inside chroot jail + ;CRLpath = /crls + ; Alternatively CRLfile can be used +-;CRLfile = @prefix@/etc/stunnel/crls.pem ++CRLfile = /etc/stunnel/crls.pem - ; Service-level configuration + ; Disable support for insecure SSLv2 protocol + options = NO_SSLv2 +@@ -54,17 +54,17 @@ + ; * Service Definitions (remove all services for inetd mode) * + ; ***************************************************************************** -[pop3s] -accept = 995
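Review bot: The nested `@@ -35,12 +35,12 @@` section now ships `CAfile = /etc/stunnel/certs.pem` and `CRLfile = /etc/stunnel/crls.pem` uncommented, but no `verify` line is part of the visible change, and the sample's own comment just above says authentication "is not enabled by default". If `verify` stays commented out (it sits outside the lines shown here), naming a CA bundle alone does not make stunnel reject unauthenticated peers, so the packaged default can look hardened while peer certificates are still not checked. Either enable a `verify` level in the same patch or add a comment such as `; CAfile/CRLfile are only enforced once verify is set` above the two lines. It is also worth confirming that the package installs both files, since the config now references them unconditionally.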