--- stunnel4/tools/stunnel.conf-sample.in.fix	2018-09-26 11:26:04.386170478 +0300

+++ stunnel4/tools/stunnel.conf-sample.in	2018-09-26 11:36:46.412591738 +0300

@@ -7,17 +7,20 @@

 ; * Global options                                                         *

 ; **************************************************************************

+; A copy of some devices and system files is needed within the chroot jail

+chroot = /var/lib/stunnel/

+

 ; It is recommended to drop root privileges if stunnel is started by root

-;setuid = nobody

-;setgid = @DEFAULT_GROUP@

+setuid = stunnel

+setgid = stunnel

 ; PID file is created inside the chroot jail (if enabled)

-;pid = @localstatedir@/run/stunnel.pid

+pid = /stunnel.pid

 ; Debugging stuff (may be useful for troubleshooting)

 ;foreground = yes

 ;debug = info

-;output = @localstatedir@/log/stunnel.log

+output = /stunnel.log

 ; Enable FIPS 140-2 mode if needed for compliance

 ;fips = yes

@@ -35,6 +38,13 @@

 ; * Service defaults may also be specified in individual service sections  *

 ; **************************************************************************

+; Certificate/key is needed in server mode and optional in client mode

+cert = /var/lib/ssl/certs/stunnel.cert

+key = /var/lib/ssl/private/stunnel.key

+

+;CAfile = /var/lib/ssl/cert.pem

+;CRLfile = /etc/stunnel/crls.pem

+

 ; Enable support for the insecure SSLv3 protocol

 ;options = -NO_SSLv3