[stunnel-users] Public domain [PATCH] support environment variables in config file

Pierre Delaage delaage.pierre at free.fr
Tue May 31 15:07:42 CEST 2016

The difference is that, on WCE, for stunnel code, it is straightforward 
to access the "unique profile" stunnel.conf, WITHOUT in fact dealing 
with envvars,
rather than 1/ decode %VARNAME% tokens in conf file and then ask env for 
well...ok..we can create stubs as well for getenv etc... but it is much 
more complicated.

For W32 platforms, communicating with a server with env vars can open 
BUT working in "local user sandbox", folders etc...is more secure than 
modifying system files by everyone through envvars.

More generally, I agree that a per user conf can be useful ONLY IF each 
user is able, and "directed to" start HIS/HER STUNNEL by HAND, in a user 
space process.

But to achieve this....stunnel is ALREADY ready to go by using the 
command line like this "stunnel myownconfig.conf", of course having "my" 
own copy of stunnel executable.

So there is no real need to have an embedded feature in stunnel for conf 
file customization per user.

And, once again, as conf files are just "text files", it is quite easy to 
create a bunch of such from a template, by text editing tools: sed on 
win32 is really powerful, or win32 perl engine, or whatever scripting 
language you prefer.

Yours sincerely,

On 31/05/2016 14:24, Dmitry Bakshaev wrote:
> 2016-05-31 12:02 GMT+04:00 Pierre Delaage <delaage.pierre at free.fr>:
>     Did not have a look at the code yet, but should it be possible to
>     replace envvars usage by some keys in the registry on windows
>     platform and/or %userprofile%/config-file ?
>     Anyway, my opinion on the patch is that there is no real interest
>     for "generic/self-expanding" config file , and it is even dangerous :
>     I would not trust stunnel if, at run time, its config could be
>     modified by USER envvars...
> what is the difference between %userprofile%/config-file and USER envvars?
> both are USER owned and USER controlled.
> certificates and keys are also USER private data.
> and stunnel started by USER is owned by USER.
> if stunnel is started by SYSTEM/ADMIN it uses SYSTEM/ADMIN envvars (if 
> needed), certs, keys, etc.
> global "generic/self-expanding" config file is ADMIN owned.
> USER has permissions to substitute some values, restricted by ADMIN.
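
The template approach suggested in the message above, as an added example that is not part of the original email or of stunnel: an administrator renders one config per user with sed, and each substituted value is checked against a strict pattern first so it cannot add config lines or alter the sed expression. The `@USER@` and `@ACCEPT_PORT@` tokens, the template text, host name and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Render a per-user stunnel config from an admin-owned template with sed.
# The @USER@ / @ACCEPT_PORT@ tokens and the template are constructed for this
# example; they are not stunnel syntax.
LC_ALL=C; export LC_ALL   # make [a-z] mean exactly ASCII lowercase

# Constructed sample template (service name, host and paths are placeholders).
TEMPLATE='[mail-@USER@]
client = yes
accept = 127.0.0.1:@ACCEPT_PORT@
connect = mail.example.org:993
cert = /home/@USER@/.stunnel/client.pem'

# valid_user NAME: succeed only for short account-like names, so the value
# cannot carry newlines, "/", "&" or anything else that would add config
# lines or change the meaning of the sed replacement.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# valid_port PORT: succeed only for an unprivileged decimal port (1024-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# render_conf USER PORT: print the finished config, or fail without output.
render_conf() {
    valid_user "$1" || { echo "rejected user name" >&2; return 1; }
    valid_port "$2" || { echo "rejected port" >&2; return 1; }
    out=$(printf '%s\n' "$TEMPLATE" |
        sed -e "s/@USER@/$1/g" -e "s/@ACCEPT_PORT@/$2/g") || return 1
    # Any token left over means the template and this script disagree.
    case "$out" in
        *@[A-Z_]*@*) echo "unexpanded token" >&2; return 1 ;;
    esac
    printf '%s\n' "$out"
}
```

Typical use is one output file per account, for example `render_conf alice 10993 > alice.conf`, with the resulting file then passed to stunnel on the command line as the message describes.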
