the problem frequently occurs on the client side: admin need to configure stunnel for multiple users. every user has own key, certificate, own permissions on file system (for log-files, etc)
this patch allow to write flexible config.
some examples: cert = %USERPROFILE%.config\my.pem (windows) cert = ${HOME}/.config/my.pem (other)
output = %APPDATA%\stunnel.log (windows) output = ${HOME}/stunnel.log (other)
CAfile = %ALLUSERSPROFILE%\ourCAbundle.crt (windows) CAfile = /etc/ssl/certs/ourCAbundle.crt (other, not using variables)
"secure" :) random port example: ... [srv1] accept = 127.0.0.1:%SRV1_PORT% (windows) accept = 127.0.0.1:${SRV1_PORT} (other) ... start stunnel (batch-file or shell-script): set SRV1_PORT=%RANDOM% (windows)
limitations: 1. don't support unicode on windows (localized usernames, files, etc) 2. only ${NAME} syntax supported on *nix (not $NAME).
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
Hello Michal,
I think it would be a good idea to integrate these Patch into the next version.
Best regards Sebastian
Von: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] Im Auftrag von Dmitry Bakshaev Gesendet: Montag, 23. Mai 2016 14:24 An: stunnel-users@stunnel.org Betreff: [stunnel-users] Public domain [PATCH] support environment variables in config file
the problem frequently occurs on the client side: admin need to configure stunnel for multiple users. every user has own key, certificate, own permissions on file system (for log-files, etc) this patch allow to write flexible config. some examples: cert = %USERPROFILE%.config\my.pem (windows) cert = ${HOME}/.config/my.pem (other)
output = %APPDATA%\stunnel.log (windows) output = ${HOME}/stunnel.log (other) CAfile = %ALLUSERSPROFILE%\ourCAbundle.crt (windows) CAfile = /etc/ssl/certs/ourCAbundle.crt (other, not using variables) "secure" :) random port example: ... [srv1] accept = 127.0.0.1:%SRV1_PORT% (windows) accept = 127.0.0.1:${SRV1_PORT} (other) ... start stunnel (batch-file or shell-script): set SRV1_PORT=%RANDOM% (windows) limitations: 1. don't support unicode on windows (localized usernames, files, etc) 2. only ${NAME} syntax supported on *nix (not $NAME).
-
Dmitry Bakshaev -
Sebastian Rose-Indorf