---- stunnel-4.15/tools/stunnel.conf-sample.in.orig 2006-01-07 14:58:50.000000000 +0100
-+++ stunnel-4.15/tools/stunnel.conf-sample.in 2006-04-01 23:31:04.987918000 +0200
-@@ -3,15 +3,16 @@
- ; Please make sure you understand them (especially the effect of chroot jail)
+--- stunnel-4.40/tools/stunnel.conf-sample.in.orig 2011-07-07 16:47:37.000000000 +0000
++++ stunnel-4.40/tools/stunnel.conf-sample.in 2011-07-24 09:40:54.658924150 +0000
+@@ -8,13 +8,13 @@
- ; Certificate/key is needed in server mode and optional in client mode
--cert = @prefix@/etc/stunnel/mail.pem
--;key = @prefix@/etc/stunnel/mail.pem
-+cert = /etc/stunnel/mail.pem
-+;key = /etc/stunnel/mail.pem
-
- ; Some security enhancements for UNIX systems - comment them out on Win32
+ ; A copy of some devices and system files is needed within the chroot jail
+ ; Chroot conflicts with configuration file reload and many other features
-chroot = @prefix@/var/lib/stunnel/
++;chroot = /var/lib/stunnel/
+ ; Chroot jail can be escaped if setuid option is not used
-setuid = nobody
--setgid = nogroup
-+;chroot = @prefix@/var/lib/stunnel/
+-setgid = @DEFAULT_GROUP@
+setuid = stunnel
+setgid = stunnel
- ; PID is created inside chroot jail
+
+ ; PID is created inside the chroot jail
-pid = /stunnel.pid
-+;pid = /stunnel.pid
+pid = /var/run/stunnel/stunnel.pid
- ; Some performance tunings
- socket = l:TCP_NODELAY=1
-@@ -43,17 +44,17 @@
+ ; Debugging stuff (may useful for troubleshooting)
+ ;debug = 7
+@@ -25,8 +25,8 @@
+ ; *****************************************************************************
+
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
++cert = /etc/stunnel/mail.pem
++;key = /etc/stunnel/mail.pem
+
+ ; Authentication stuff needs to be configured to prevent MITM attacks
+ ; It is not enabled by default!
+@@ -35,12 +35,12 @@
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
++CAfile = /etc/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively CRLfile can be used
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
++CRLfile = /etc/stunnel/crls.pem
- ; Service-level configuration
+ ; Disable support for insecure SSLv2 protocol
+ options = NO_SSLv2
+@@ -54,17 +54,17 @@
+ ; * Service Definitions (remove all services for inetd mode) *
+ ; *****************************************************************************
-[pop3s]
-accept = 995