Commit | Line | Data |
---|---|---|
cd684fa9 | 1 | --- stunnel-4.40/tools/stunnel.conf-sample.in.orig 2011-07-07 16:47:37.000000000 +0000 |
2 | +++ stunnel-4.40/tools/stunnel.conf-sample.in 2011-07-24 09:40:54.658924150 +0000 | |
3 | @@ -8,13 +8,13 @@ | |
d5253945 | 4 | |
cd684fa9 | 5 | ; A copy of some devices and system files is needed within the chroot jail |
6 | ; Chroot conflicts with configuration file reload and many other features | |
7d65fc8d | 7 | -chroot = @prefix@/var/lib/stunnel/ |
cd684fa9 | 8 | +;chroot = /var/lib/stunnel/ |
9 | ; Chroot jail can be escaped if setuid option is not used | |
a4ee43ea | 10 | -setuid = nobody |
806868e8 | 11 | -setgid = @DEFAULT_GROUP@ |
a4ee43ea | 12 | +setuid = stunnel |
13 | +setgid = stunnel | |
cd684fa9 | 14 | |
8a9913e2 | 15 | ; PID is created inside the chroot jail |
d5253945 AG |
16 | -pid = /stunnel.pid |
17 | +pid = /var/run/stunnel/stunnel.pid | |
a4ee43ea | 18 | |
cd684fa9 | 19 | ; Debugging stuff (may useful for troubleshooting) |
20 | ;debug = 7 | |
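Review bot: With `chroot` commented out at the top of this hunk, the two comments kept as context, `; Chroot jail can be escaped if setuid option is not used` and `; PID is created inside the chroot jail`, no longer describe the shipped defaults, and the new `pid = /var/run/stunnel/stunnel.pid` is now a path on the host filesystem. I would add a line such as `; chroot is disabled in this package; pid and certificate paths below are host paths` and reword the pid comment to match. The dedicated `stunnel` account that replaces `nobody` is then the only confinement left, so the package presumably has to create that user and group and a `/var/run/stunnel` directory it can write to. Nothing in the visible lines shows that, so it is worth confirming in the packaging scripts.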
21 | @@ -25,8 +25,8 @@ | |
22 | ; ***************************************************************************** | |
23 | ||
24 | ; Certificate/key is needed in server mode and optional in client mode | |
25 | -cert = @prefix@/etc/stunnel/mail.pem | |
26 | -;key = @prefix@/etc/stunnel/mail.pem | |
27 | +cert = /etc/stunnel/mail.pem | |
28 | +;key = /etc/stunnel/mail.pem | |
29 | ||
30 | ; Authentication stuff needs to be configured to prevent MITM attacks | |
31 | ; It is not enabled by default! | |
32 | @@ -35,12 +35,12 @@ | |
806868e8 | 33 | ; CApath is located inside chroot jail |
34 | ;CApath = /certs | |
2497b503 | 35 | ; It's often easier to use CAfile |
806868e8 | 36 | -;CAfile = @prefix@/etc/stunnel/certs.pem |
6eb17a0c | 37 | +CAfile = /etc/stunnel/certs.pem |
2497b503 | 38 | ; Don't forget to c_rehash CRLpath |
806868e8 | 39 | ; CRLpath is located inside chroot jail |
40 | ;CRLpath = /crls | |
2497b503 | 41 | ; Alternatively CRLfile can be used |
806868e8 | 42 | -;CRLfile = @prefix@/etc/stunnel/crls.pem |
6eb17a0c | 43 | +CRLfile = /etc/stunnel/crls.pem |
806868e8 | 44 | |
cd684fa9 | 45 | ; Disable support for insecure SSLv2 protocol |
46 | options = NO_SSLv2 | |
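Review bot: Enabling `CAfile` and `CRLfile` in this hunk does not by itself turn on peer authentication: the context line in the previous hunk still says `; It is not enabled by default!`, and the `verify` setting sits between the two hunks where it is not visible. As far as I know stunnel consults these files only when a verify level is set, so a reader of the sample may assume certificates are being checked when they are not. I would add `; CAfile/CRLfile take effect only together with verify; without it peers are not authenticated` above the new `CAfile` line. The two `; ... is located inside chroot jail` comments are also stale now that `chroot` is commented out in the first hunk.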
47 | @@ -54,17 +54,17 @@ | |
48 | ; * Service Definitions (remove all services for inetd mode) * | |
49 | ; ***************************************************************************** | |
a4ee43ea | 50 | |
51 | -[pop3s] | |
52 | -accept = 995 | |
53 | -connect = 110 | |
54 | - | |
55 | -[imaps] | |
56 | -accept = 993 | |
57 | -connect = 143 | |
58 | - | |
59 | -[ssmtp] | |
60 | -accept = 465 | |
61 | -connect = 25 | |
d5253945 AG |
62 | +;[pop3s] |
63 | +;accept = 995 | |
64 | +;connect = 110 | |
a4ee43ea | 65 | + |
d5253945 AG |
66 | +;[imaps] |
67 | +;accept = 993 | |
68 | +;connect = 143 | |
a4ee43ea | 69 | + |
d5253945 AG |
70 | +;[ssmtp] |
71 | +;accept = 465 | |
72 | +;connect = 25 | |
a4ee43ea | 73 | |
d5253945 AG |
74 | ;[https] |
75 | ;accept = 443 |
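Review bot: Commenting out `[pop3s]`, `[imaps]` and `[ssmtp]` leaves no active section in the visible part of the sample, while the heading kept as context still reads `(remove all services for inetd mode)`. Shipping with no listeners is a reasonable default, but the file should say so; I would add `; No service is enabled by default - uncomment or add a section before starting stunnel` under the heading. Whether stunnel then starts at all or falls back to inetd mode depends on lines outside this hunk, so that is worth checking against the init script.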