<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Michal,<br>
I did not have a look at the code yet, but should it be possible to
replace envvars usage by some keys in the registry on the Windows
platform and/or %userprofile%/config-file?<br>
<br>
Anyway, my opinion on the patch is that there is no real interest
for a "generic/self-expanding" config file, and it is even dangerous:<br>
I would not trust stunnel if, at run time, its config could be
modified by USER envvars...<br>
<br>
I would rather prefer "usual config file" BUT stored (and then read
by sw) in USERPROFILE (on WCE : there is only ONE profile, so that
we can easily create fake stubs for w32 functions),<br>
and then use the stunnel command line to load the proper config, or
whatever admin system script invoking stunnel program.<br>
<br>
Moreover if one needs a specific admin mechanism to CREATE
"personalized" config file based on a common template, this can be
done easily by some system scripting either in linux or windows.
Personally, I am making wide use of sed (even with gnuwin32:
remember, sed is able to access system variables).<br>
This is NOT directly an stunnel issue, but a pure admin issue. <br>
<br>
NB: if stunnel is running as a service, there is no reason that
ordinary users modify the config with "customized options": so if
one cert is needed, its name can be hardcoded in the config file.<br>
If the cert needs to be changed, one can play with the cert file (by
admin scripting if necessary).<br>
<br>
Yours sincerely,<br>
Pierre<br>
<br>
<div class="moz-cite-prefix">On 31/05/2016 08:05, Michał Trojnara
wrote:<br>
</div>
<blockquote cite="mid:574D29C3.10001@stunnel.org" type="cite">
<pre wrap="">I'm pretty sure the use of ExpandEnvironmentStringsA() will break WCE
builds. Please correct me if I'm wrong.
Best regards,
Mike
On 23.05.2016 14:24, Dmitry Bakshaev wrote:
</pre>
<blockquote type="cite">
<pre wrap="">The problem frequently occurs on the client side: the admin needs to
configure stunnel for multiple users.
Every user has their own key, certificate, and permissions on the file system (for
log files, etc.).
This patch allows writing a flexible config.
some examples:
cert = %USERPROFILE%\.config\my.pem (windows)
cert = ${HOME}/.config/my.pem (other)
output = %APPDATA%\stunnel.log (windows)
output = ${HOME}/stunnel.log (other)
CAfile = %ALLUSERSPROFILE%\ourCAbundle.crt (windows)
CAfile = /etc/ssl/certs/ourCAbundle.crt (other, not using variables)
"secure" :) random port example:
...
[srv1]
accept = 127.0.0.1:%SRV1_PORT% (windows)
accept = 127.0.0.1:${SRV1_PORT} (other)
...
start stunnel (batch-file or shell-script):
set SRV1_PORT=%RANDOM% (windows)
Limitations:
1. doesn't support Unicode on Windows (localized usernames, files, etc.)
2. only the ${NAME} syntax is supported on *nix (not $NAME).
_______________________________________________
stunnel-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a class="moz-txt-link-freetext" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
</blockquote>
<br>
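The admin-side templating described in the reply above (a common template personalized with sed before stunnel is started), as an added example that is not part of the original message or of stunnel. The function names, the template file and /home/alice are assumptions; only ${HOME} is on the allowlist, and its value comes from the admin's argument, not from the caller's environment.<br>

```shell
#!/bin/sh
# Added example (not stunnel code): render a static per-user stunnel.conf
# at admin time, so stunnel itself never reads user-controlled variables.
# render_conf, sed_escape and the sample paths are constructed names.

# Escape a value for the replacement side of sed 's|...|...|'.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# render_conf TEMPLATE_FILE USER_HOME
# Expands only ${HOME}, taken from the admin-supplied argument rather than
# from the caller's environment, and fails on any other ${NAME}.
render_conf() {
    tmpl=$1
    home=$2
    case $home in
        /*) ;;  # absolute path required
        *) echo "home must be an absolute path" >&2; return 1 ;;
    esac
    esc=$(sed_escape "$home")
    out=$(sed -e 's|\${HOME}|'"$esc"'|g' "$tmpl") || return 1
    # A placeholder that is still present is outside the allowlist: fail closed.
    if printf '%s\n' "$out" | grep -q '\${[A-Za-z_][A-Za-z0-9_]*}'; then
        echo "unresolved placeholder in $tmpl" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Constructed template, using the ${NAME} lines quoted in this thread.
demo_tmpl=$(mktemp)
cat > "$demo_tmpl" <<'EOF'
cert = ${HOME}/.config/my.pem
output = ${HOME}/stunnel.log
CAfile = /etc/ssl/certs/ourCAbundle.crt
EOF

# The caller's HOME is deliberately wrong here; the output must ignore it.
(HOME=/tmp/untrusted; render_conf "$demo_tmpl" /home/alice)
rm -f "$demo_tmpl"
```

The rendered file is what gets passed to stunnel on its command line; it should be written where the target user cannot modify it if stunnel runs as a service.<br>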
</body>
</html>