projects / packages / stunnel.git / blame
| Commit | Line | Data |
|---|---|---|
| cd684fa9 | 1 | --- stunnel-4.40/tools/stunnel.conf-sample.in.orig 2011-07-07 16:47:37.000000000 +0000 |
| 2 | +++ stunnel-4.40/tools/stunnel.conf-sample.in 2011-07-24 09:40:54.658924150 +0000 | |
| 3 | @@ -8,13 +8,13 @@ | |
| d5253945 | 4 | |
| cd684fa9 | 5 | ; A copy of some devices and system files is needed within the chroot jail |
| 6 | ; Chroot conflicts with configuration file reload and many other features | |
| 7d65fc8d | 7 | -chroot = @prefix@/var/lib/stunnel/ |
| cd684fa9 | 8 | +;chroot = /var/lib/stunnel/ |
| 9 | ; Chroot jail can be escaped if setuid option is not used | |
| a4ee43ea | 10 | -setuid = nobody |
| 806868e8 | 11 | -setgid = @DEFAULT_GROUP@ |
| a4ee43ea | 12 | +setuid = stunnel |
| 13 | +setgid = stunnel | |
| cd684fa9 | 14 | |
| 8a9913e2 | 15 | ; PID is created inside the chroot jail |
| d5253945 AG |
16 | -pid = /stunnel.pid |
| 17 | +pid = /var/run/stunnel/stunnel.pid | |
| a4ee43ea | 18 | |
| cd684fa9 | 19 | ; Debugging stuff (may useful for troubleshooting) |
| 20 | ;debug = 7 | |
| 21 | @@ -25,8 +25,8 @@ | |
| 22 | ; ***************************************************************************** | |
| 23 | ||
| 24 | ; Certificate/key is needed in server mode and optional in client mode | |
| 25 | -cert = @prefix@/etc/stunnel/mail.pem | |
| 26 | -;key = @prefix@/etc/stunnel/mail.pem | |
| 27 | +cert = /etc/stunnel/mail.pem | |
| 28 | +;key = /etc/stunnel/mail.pem | |
| 29 | ||
| 30 | ; Authentication stuff needs to be configured to prevent MITM attacks | |
| 31 | ; It is not enabled by default! | |
| 32 | @@ -35,12 +35,12 @@ | |
| 806868e8 | 33 | ; CApath is located inside chroot jail |
| 34 | ;CApath = /certs | |
| 2497b503 | 35 | ; It's often easier to use CAfile |
| 806868e8 | 36 | -;CAfile = @prefix@/etc/stunnel/certs.pem |
| 6eb17a0c | 37 | +CAfile = /etc/stunnel/certs.pem |
| 2497b503 | 38 | ; Don't forget to c_rehash CRLpath |
| 806868e8 | 39 | ; CRLpath is located inside chroot jail |
| 40 | ;CRLpath = /crls | |
| 2497b503 | 41 | ; Alternatively CRLfile can be used |
| 806868e8 | 42 | -;CRLfile = @prefix@/etc/stunnel/crls.pem |
| 6eb17a0c | 43 | +CRLfile = /etc/stunnel/crls.pem |
| 806868e8 | 44 | |
| cd684fa9 | 45 | ; Disable support for insecure SSLv2 protocol |
| 46 | options = NO_SSLv2 | |
| 47 | @@ -54,17 +54,17 @@ | |
| 48 | ; * Service Definitions (remove all services for inetd mode) * | |
| 49 | ; ***************************************************************************** | |
| a4ee43ea | 50 | |
| 51 | -[pop3s] | |
| 52 | -accept = 995 | |
| 53 | -connect = 110 | |
| 54 | - | |
| 55 | -[imaps] | |
| 56 | -accept = 993 | |
| 57 | -connect = 143 | |
| 58 | - | |
| 59 | -[ssmtp] | |
| 60 | -accept = 465 | |
| 61 | -connect = 25 | |
| d5253945 AG |
62 | +;[pop3s] |
| 63 | +;accept = 995 | |
| 64 | +;connect = 110 | |
| a4ee43ea | 65 | + |
| d5253945 AG |
66 | +;[imaps] |
| 67 | +;accept = 993 | |
| 68 | +;connect = 143 | |
| a4ee43ea | 69 | + |
| d5253945 AG |
70 | +;[ssmtp] |
| 71 | +;accept = 465 | |
| 72 | +;connect = 25 | |
| a4ee43ea | 73 | |
| d5253945 AG |
74 | ;[https] |
| 75 | ;accept = 443 |