diff -urNp stunnel-5.08/tools/stunnel.conf-sample.in stunnel-5.08-patched/tools/stunnel.conf-sample.in
--- stunnel-5.08/tools/stunnel.conf-sample.in	2014-11-01 09:48:17.000000000 -0400
+++ stunnel-5.08-patched/tools/stunnel.conf-sample.in	2014-11-23 01:09:28.393727451 -0500
@@ -10,7 +10,7 @@
 ; A copy of some devices and system files is needed within the chroot jail
 ; Chroot conflicts with configuration file reload and many other features
 ; Remember also to update the logrotate configuration.
-;chroot = @prefix@/var/lib/stunnel/
+;chroot = @localstatedir@/run/stunnel/
 ; Chroot jail can be escaped if setuid option is not used
 ;setuid = nobody
 ;setgid = @DEFAULT_GROUP@
@@ -27,8 +27,8 @@
 ; **************************************************************************
 
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/mail.pem
+;key = @sysconfdir@/stunnel/mail.pem
 
 ; Authentication stuff needs to be configured to prevent MITM attacks
 ; It is not enabled by default!
@@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
 
 ; Enable support for the insecure SSLv2 protocol
 ;options = -NO_SSLv2