[stunnel-users] Public domain [PATCH] support environment variables in config file
Pierre Delaage
delaage.pierre at free.fr
Tue May 31 15:07:42 CEST 2016
Hi,
The difference is that, on WCE, for stunnel code, it is straightforward
to access the "unique profile" stunnel.conf, WITHOUT in fact dealing
with envvars,
rather than 1/ decode %VARNAME% tokens in conf file and then ask env for
replacement...
well...ok..we can create stubs as well for getenv etc... but it is much
more complicated.
For W32 platforms, communicating with a server with env vars can open
issues.
BUT working in "local user sandbox", folders etc...is more secure than
modifying system files by everyone through envvars.
More generally, I agree that a per user conf can be useful ONLY IF each
user is able, and "directed to" start HIS/HER STUNNEL by HAND, in a user
space process.
But to achieve this....stunnel is ALREADY ready to go by using the
command line like this "stunnel myownconfig.conf", of course having "my"
own copy of stunnel executable.
So there is no real need to have an embedded feature in stunnel for conf
file customization per user.
And, once again, as conf files are just "text files", it is quite easy to
create a bunch of such from a template, by text editing tools : sed on
win32 is really powerful, or win32 perl engine, or whatever scripting
language you prefer.
Yours sincerely,
Pierre
On 31/05/2016 14:24, Dmitry Bakshaev wrote:
>
>
> 2016-05-31 12:02 GMT+04:00 Pierre Delaage <delaage.pierre at free.fr
> <mailto:delaage.pierre at free.fr>>:
>
> Did not have a look at the code yet, but should it be possible to
> replace envvars usage by some keys in the registry on windows
> platform and/or %userprofile%/config-file ?
>
> Anyway, my opinion on the patch is that there is no real interest
> for "generic/self-expanding" config file , and it is even dangerous :
> I would not trust stunnel if, at run time, its config could be
> modified by USER envvars...
>
>
> what is the difference between %userprofile%/config-file and USER envvars?
> both are USER owned and USER controlled.
> certificate and keys also USER private data.
> and stunnel started by USER owned by USER.
> if stunnel started by SYSTEM/ADMIN he uses SYSTEM/ADMIN envvars (if
> needed), certs, keys, etc.
>
> global "generic/self-expanding" config file is ADMIN owned.
> USER has permissions to substitute some values, restricted by ADMIN.