]> git.pld-linux.org Git - packages/stunnel.git/blobdiff - stunnel-config.patch
projects / packages / stunnel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- 4.40
[packages/stunnel.git] / stunnel-config.patch
diff --git a/stunnel-config.patch b/stunnel-config.patch
index 5b5298574563b1a330ec82827a826b1f6098d7e1..60ad06b470bed9819745f8bf46f4149311c63427 100644 (file)
--- a/stunnel-config.patch
+++ b/stunnel-config.patch
@@ -1,31 +1,52 @@
---- stunnel-4.15/tools/stunnel.conf-sample.in.orig     2006-01-07 14:58:50.000000000 +0100
-+++ stunnel-4.15/tools/stunnel.conf-sample.in  2006-04-01 23:31:04.987918000 +0200
-@@ -3,15 +3,16 @@
- ; Please make sure you understand them (especially the effect of chroot jail)
+--- stunnel-4.40/tools/stunnel.conf-sample.in.orig     2011-07-07 16:47:37.000000000 +0000
++++ stunnel-4.40/tools/stunnel.conf-sample.in  2011-07-24 09:40:54.658924150 +0000
+@@ -8,13 +8,13 @@
  
- ; Certificate/key is needed in server mode and optional in client mode
--cert = @prefix@/etc/stunnel/mail.pem
--;key = @prefix@/etc/stunnel/mail.pem
-+cert = /etc/stunnel/mail.pem
-+;key = /etc/stunnel/mail.pem
- ; Some security enhancements for UNIX systems - comment them out on Win32
+ ; A copy of some devices and system files is needed within the chroot jail
+ ; Chroot conflicts with configuration file reload and many other features
 -chroot = @prefix@/var/lib/stunnel/
++;chroot = /var/lib/stunnel/
+ ; Chroot jail can be escaped if setuid option is not used
 -setuid = nobody
--setgid = nogroup
-+;chroot = @prefix@/var/lib/stunnel/
+-setgid = @DEFAULT_GROUP@
 +setuid = stunnel
 +setgid = stunnel
- ; PID is created inside chroot jail
+ ; PID is created inside the chroot jail
 -pid = /stunnel.pid
-+;pid = /stunnel.pid
 +pid = /var/run/stunnel/stunnel.pid
  
- ; Some performance tunings
- socket = l:TCP_NODELAY=1
-@@ -43,17 +44,17 @@
+ ; Debugging stuff (may useful for troubleshooting)
+ ;debug = 7
+@@ -25,8 +25,8 @@
+ ; *****************************************************************************
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
++cert = /etc/stunnel/mail.pem
++;key = /etc/stunnel/mail.pem
+ ; Authentication stuff needs to be configured to prevent MITM attacks
+ ; It is not enabled by default!
+@@ -35,12 +35,12 @@
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
++CAfile = /etc/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively CRLfile can be used
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
++CRLfile = /etc/stunnel/crls.pem
  
- ; Service-level configuration
+ ; Disable support for insecure SSLv2 protocol
+ options = NO_SSLv2
+@@ -54,17 +54,17 @@
+ ; * Service Definitions (remove all services for inetd mode)                  *
+ ; *****************************************************************************
  
 -[pop3s]
 -accept  = 995
Universal SSL tunnel
This page took 0.040129 seconds and 4 git commands to generate.