[stunnel-users] Public domain [PATCH] support environment variables in config file

Tue May 31 18:59:09 CEST 2016

2016-05-31 17:07 GMT+04:00 Pierre Delaage <delaage.pierre at free.fr>:

> Hi,
> The difference is that, on WCE, for stunnel code, it is straigthforward to
> access the "unique profile" stunnel.conf, WITHOUT in fact dealing with
> envvars,
> rather than 1/ decode %VARNAME% tokens in conf file and then ask env for
> replacement...
> well...ok..we can create stubs as well for getenv etc... but is is much
> more complicated.
>

"environment expanded config" feature is designed for the platform that
support it - on WCE is not avialable - config is static text file,
and use static values in config files on other platform not prohibited :
ADMIN chooses which
parameters USER can expand to USER own values or none.

> For W32 platforms, communicating with a server with env vars can open
> issues.
>
example, please. every account that start stunnel has his own environment,
cert, key, etc.

> BUT working in "local user sandbox", folders etc...is more secure than
> modifying system files by everyone through envvars.
>
files not modified globally, only for current USER by USER values in
runtime, only for specified parameters

More generally, I agree that a per user conf can be useful ONLY IF each
> user is able, and "directed to" start HIS/HER STUNNEL by HAND, in a user
> space process.
>
yes. one of our scenarios.

>
> But to achieve this....stunnel is ALREADY ready to go by using the command
> line like this "stunnel myownconfig.conf", of course having "my" own copy
> of stunnel executable.
>
> So there is no real need to have an embeddef feature in stunnel for conf
> file customization per user.
>
> And, once again, as conf file are just "text files", it is quite easy to
> create a bunch of such from a template, by text editiong tools : sed on
> win32 is really powerful, or win32 perl engine, or whatever scripting
> language you prefer
>

this feature makes it unnecessary to copy config to every user and edit
files manually or using sed/perl.
not need ADMIN intervention after adding new USER.
adding/replace service/port not need regenerate all users config - one
centralized config.
this is the primary purpose - ADMIN make one config as template for all
users.

for example server scenario: we has multiple stunnel instanses on gentoo
linux
and i can configure on template:
output = /var/log/stunnel/stunnel_${SVCNAME}.log
each instance has its own log. (SVCNAME variable contains instance name
from init.d startup scripts)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160531/caa67ca6/attachment.html>