55 lines
2.0 KiB
Diff
55 lines
2.0 KiB
Diff
diff -Nru stunnel-5.00.orig/src/Makefile.in stunnel-5.00/src/Makefile.in
|
|
--- stunnel-5.00.orig/src/Makefile.in 2014-03-07 10:30:11.982768737 +0100
|
|
+++ stunnel-5.00/src/Makefile.in 2014-03-07 10:31:17.433779070 +0100
|
|
@@ -310,7 +310,7 @@
|
|
|
|
# Additional preprocesor definitions
|
|
stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \
|
|
- -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"'
|
|
+ -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"'
|
|
|
|
# Win32 executable
|
|
EXTRA_DIST = make.bat makece.bat makew32.bat mingw.mak evc.mak vc.mak \
|
|
diff -Nru stunnel-5.00.orig/tools/stunnel.conf-sample.in stunnel-5.00/tools/stunnel.conf-sample.in
|
|
--- stunnel-5.00.orig/tools/stunnel.conf-sample.in 2014-03-07 10:30:11.986101953 +0100
|
|
+++ stunnel-5.00/tools/stunnel.conf-sample.in 2014-03-07 10:30:40.365094717 +0100
|
|
@@ -9,25 +9,33 @@
|
|
|
|
; A copy of some devices and system files is needed within the chroot jail
|
|
; Chroot conflicts with configuration file reload and many other features
|
|
-chroot = @prefix@/var/lib/stunnel/
|
|
+chroot = /var/run/stunnel/
|
|
; Chroot jail can be escaped if setuid option is not used
|
|
-setuid = nobody
|
|
-setgid = @DEFAULT_GROUP@
|
|
+setuid = stunnel
|
|
+setgid = stunnel
|
|
|
|
; PID is created inside the chroot jail
|
|
pid = /stunnel.pid
|
|
|
|
; Debugging stuff (may useful for troubleshooting)
|
|
;debug = 7
|
|
+; logfile is created inside the chroot jail
|
|
;output = stunnel.log
|
|
+; without chroot
|
|
+;output = /var/log/stunnel.log
|
|
+; log via syslog
|
|
+syslog = yes
|
|
+
|
|
+; Enable or disable the use of libwrap
|
|
+libwrap = yes
|
|
|
|
; **************************************************************************
|
|
; * Service defaults may also be specified in individual service sections *
|
|
; **************************************************************************
|
|
|
|
; Certificate/key is needed in server mode and optional in client mode
|
|
-cert = @prefix@/etc/stunnel/mail.pem
|
|
-;key = @prefix@/etc/stunnel/mail.pem
|
|
+cert = /etc/ssl/certs/stunnel.crt
|
|
+key = /etc/ssl/keys/stunnel.key
|
|
|
|
; Authentication stuff needs to be configured to prevent MITM attacks
|
|
; It is not enabled by default!
|