2016-05-31 17:07 GMT+04:00 Pierre Delaage <delaage.pierre@free.fr>:
Hi,
The difference is that, on WCE, for stunnel code, it is straightforward to access the "unique profile" stunnel.conf, WITHOUT in fact dealing with envvars,
rather than 1/ decode %VARNAME% tokens in conf file and then ask env for replacement...
well...ok..we can create stubs as well for getenv etc... but it is much more complicated.

"environment expanded config" feature is designed for the platforms that support it - on WCE it is not available - config is a static text file,
and using static values in config files on other platforms is not prohibited: ADMIN chooses which
parameters USER can expand to USER own values or none.


For W32 platforms, communicating with a server with env vars can open issues.
example, please. every account that starts stunnel has his own environment, cert, key, etc.
BUT working in "local user sandbox", folders etc...is more secure than modifying system files by everyone through envvars.
files not modified globally, only for current USER by USER values in runtime, only for specified parameters

More generally, I agree that a per user conf can be useful ONLY IF each user is able, and "directed to" start HIS/HER STUNNEL by HAND, in a user space process.
yes. one of our scenarios.

But to achieve this....stunnel is ALREADY ready to go by using the command line like this "stunnel myownconfig.conf", of course having "my" own copy of stunnel executable.

So there is no real need to have an embedded feature in stunnel for conf file customization per user.

And, once again, as conf files are just "text files", it is quite easy to create a bunch of such from a template, by text editing tools : sed on win32 is really powerful, or win32 perl engine, or whatever scripting language you prefer

this feature makes it unnecessary to copy config to every user and edit files manually or using sed/perl.
no need for ADMIN intervention after adding a new USER.
adding/replacing a service/port does not need regenerating all users' configs - one centralized config.
this is the primary purpose - ADMIN makes one config as template for all users.

for example server scenario: we have multiple stunnel instances on gentoo linux
and I can configure on template:
output = /var/log/stunnel/stunnel_${SVCNAME}.log
each instance has its own log. (SVCNAME variable contains instance name from init.d startup scripts)
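
An added sketch of the template expansion discussed in this thread, not stunnel's code or the proposed patch: `${VAR}` tokens are expanded only in options on an admin-chosen allowlist, and a value containing control characters is refused so that a variable cannot append an extra option line. The allowlist contents, the function names and the sample template (apart from the `output` line quoted above) are assumptions.

```python
import re

# Hypothetical admin policy: options in which ${VAR} expansion is permitted.
EXPANDABLE_OPTIONS = {"output", "cert", "key"}
TOKEN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class ExpansionError(ValueError):
    """Raised when a template cannot be expanded safely."""


def _lookup(name, env):
    if name not in env:
        raise ExpansionError(f"undefined variable: {name}")
    value = env[name]
    # A newline or other control character in the value would let it
    # smuggle a second option line into the generated config.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ExpansionError(f"control character in value of {name}")
    return value


def expand_template(template, env):
    """Expand ${VAR} tokens, but only in allowlisted 'key = value' lines."""
    out = []
    for line in template.splitlines():
        key, sep, value = line.partition("=")
        # Section headers, comments and other options stay literal.
        if sep and key.strip() in EXPANDABLE_OPTIONS:
            value = TOKEN.sub(lambda m: _lookup(m.group(1), env), value)
            line = key + sep + value
        out.append(line)
    return "\n".join(out)


# Constructed sample template; only the output line comes from the thread.
SAMPLE = """\
output = /var/log/stunnel/stunnel_${SVCNAME}.log
[svc]
accept = ${PORT}
"""

if __name__ == "__main__":
    print(expand_template(SAMPLE, {"SVCNAME": "mail"}))
```
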