*** ./tools/stunnel.conf-sample.in.ORIG Wed Jun 29 15:36:53 2011 --- ./tools/stunnel.conf-sample.in Wed Jun 29 15:38:21 2011 *************** *** 5,16 **** ; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment ! cert = @prefix@/etc/stunnel/mail.pem ! ;key = @prefix@/etc/stunnel/mail.pem ; Security enhancements for UNIX systems - comment them out on Win32 ; for chroot a copy of some devices and files is needed within the jail ! chroot = @prefix@/var/lib/stunnel/ setuid = nobody setgid = @DEFAULT_GROUP@ ; PID is created inside the chroot jail --- 5,16 ---- ; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment ! cert = @sysconfdir@/stunnel/mail.crt ! ;key = @sysconfdir@/stunnel/mail.key ; Security enhancements for UNIX systems - comment them out on Win32 ; for chroot a copy of some devices and files is needed within the jail ! chroot = @localstatedir@/run/stunnel/ setuid = nobody setgid = @DEFAULT_GROUP@ ; PID is created inside the chroot jail *************** *** 29,40 **** ; CApath is located inside chroot jail ;CApath = /certs ; It's often easier to use CAfile ! ;CAfile = @prefix@/etc/stunnel/certs.pem ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls ; Alternatively CRLfile can be used ! ;CRLfile = @prefix@/etc/stunnel/crls.pem ; Debugging stuff (may useful for troubleshooting) ;debug = 7 --- 29,41 ---- ; CApath is located inside chroot jail ;CApath = /certs ; It's often easier to use CAfile ! ;CAfile = @sysconfdir@/stunnel/certs.pem ! ;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls ; Alternatively CRLfile can be used ! ;CRLfile = @sysconfdir@/stunnel/crls.pem ; Debugging stuff (may useful for troubleshooting) ;debug = 7