[stunnel-users] Public domain [PATCH] support environment variables in config file
delaage.pierre at free.fr
Tue May 31 15:07:42 CEST 2016
The difference is that, on WCE, for stunnel code, it is straightforward
to access the "unique profile" stunnel.conf, WITHOUT in fact dealing
rather than 1/ decode %VARNAME% tokens in conf file and then ask env for
well...ok..we can create stubs as well for getenv etc... but it is much
For W32 platforms, communicating with a server with env vars can open
BUT working in "local user sandbox", folders etc...is more secure than
modifying system files by everyone through envvars.
More generally, I agree that a per user conf can be useful ONLY IF each
user is able, and "directed to" start HIS/HER STUNNEL by HAND, in a user
But to achieve this....stunnel is ALREADY ready to go by using the
command line like this "stunnel myownconfig.conf", of course having "my"
own copy of stunnel executable.
So there is no real need to have an embedded feature in stunnel for conf
file customization per user.
And, once again, as conf files are just "text files", it is quite easy to
create a bunch of such from a template, by text editing tools: sed on
win32 is really powerful, or win32 perl engine, or whatever scripting
language you prefer.
On 31/05/2016 14:24, Dmitry Bakshaev wrote:
> 2016-05-31 12:02 GMT+04:00 Pierre Delaage <delaage.pierre at free.fr>:
> Did not have a look at the code yet, but should it be possible to
> replace envvars usage by some keys in the registry on windows
> platform and/or %userprofile%/config-file ?
> Anyway, my opinion on the patch is that there is no real interest
> for "generic/self-expanding" config file , and it is even dangerous :
> I would not trust stunnel if, at run time, its config could be
> modified by USER envvars...
> what is the difference between %userprofile%/config-file and USER envvars?
> both are USER owned and USER controlled.
> certificate and keys also USER private data.
> and stunnel started by USER owned by USER.
> if stunnel started by SYSTEM/ADMIN he uses SYSTEM/ADMIN envvars (if
> needed), certs, keys, etc.
> global "generic/self-expanding" config file is ADMIN owned.
> USER has permissions to substitute some values, restricted by ADMIN.
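
Added example, not part of the original messages or of stunnel: the template approach mentioned above (generating conf files with sed), with the substituted values restricted by the script so a user-supplied value cannot add or alter other options. The token names, the [mail] service and the host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-user stunnel.conf generated from an
# admin-owned template. Token names, service name and hosts are constructed.
LC_ALL=C; export LC_ALL   # make the A-Z / 0-9 ranges below byte-exact

# Constructed template; only the %TOKEN% fields are meant to vary per user.
template() {
cat <<'EOF'
[mail]
client = yes
accept = 127.0.0.1:%ACCEPT_PORT%
connect = %CONNECT_HOST%:993
EOF
}

# Host: letters, digits, dot, hyphen only, so the value cannot carry sed
# metacharacters (/ & \), whitespace, or a newline that would add an option.
valid_host() {
  case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Port: 1-5 digits, no leading zero, within 1..65535.
valid_port() {
  case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -le 65535 ]
}

# render_conf HOST PORT -> prints the config, or fails without output.
render_conf() {
  valid_host "$1" || { echo "rejected host value" >&2; return 1; }
  valid_port "$2" || { echo "rejected port value" >&2; return 1; }
  out=$(template | sed -e "s/%CONNECT_HOST%/$1/g" -e "s/%ACCEPT_PORT%/$2/g") || return 1
  # A token left unexpanded means template and script disagree: refuse.
  case $out in *%[A-Z_]*%*) echo "unexpanded token" >&2; return 1 ;; esac
  printf '%s\n' "$out"
}
```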