
Esimerkkikonfiguraatio Windows-työaseman stunnel-clientille

; Sample stunnel configuration file for Win32
; by Michal Trojnara 2002-2018
; by Olli-Antti Kivilahti @ The National Library of Finland 2018
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options

; **************************************************************************
; * Global options                                                         *
; **************************************************************************

; Debugging stuff (may be useful for troubleshooting)
;debug = info
;output = stunnel.log

; Enable FIPS 140-2 mode if needed for compliance
;fips = yes

; Microsoft CryptoAPI engine allows for authentication with private keys
; stored in the Windows certificate store
; Each section using this feature also needs the "engineId = capi" option
;engine = capi

; The pkcs11 engine allows for authentication with cryptographic
; keys isolated in a hardware or software token
; MODULE_PATH specifies the path to the pkcs11 module shared library,
; e.g. softhsm2.dll or opensc-pkcs11.so
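; Each section using this feature also needs the "engineId = pkcs11" option
; The PIN below is a sample value; a real token PIN written here is stored in
; plaintext, so restrict read access to this file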
;engine = pkcs11
;engineCtrl = MODULE_PATH:softhsm2.dll
;engineCtrl = PIN:1234

; **************************************************************************
; * Service defaults may also be specified in individual service sections  *
; **************************************************************************

; Uncommenting the option below re-enables the insecure SSLv3 protocol;
; leave it commented out so that SSLv3 stays disabled
;options = -NO_SSLv3

; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE

; **************************************************************************
; * Include all configuration file fragments from the specified folder     *
; **************************************************************************

;include = conf.d

; **************************************************************************
; * Service definitions (at least one service has to be defined)           *
; **************************************************************************

;
; Stunnel configuration options
; https://www.stunnel.org/static/stunnel.html
;
; SIP2-client to Koha configuration.
;

[MV-KOHA_connection]

; Client mode: stunnel accepts unencrypted connections locally and opens the
; TLS connection towards the remote server.
client = yes

; The local SIP2 client connects to this IP address and port.
; 127.0.0.1 is the loopback address, so the listener is reachable only from
; processes running on this workstation.
accept = 127.0.0.1:34343

; Connections accepted above are tunneled over TLS to this remote host:port.
connect = hamk.koha.csc.fi:6001

; The Koha server uses a self-signed certificate, so there is no CA chain to
; validate and chain verification is switched off.
; This does not turn off server authentication: "verify = 4" ignores the chain
; but still requires the peer certificate to match the one stored in CAfile,
; i.e. the server certificate is pinned.
; If the server certificate is replaced, the connection fails until the new
; certificate has been obtained over a trusted channel and installed in CAfile;
; do not lower the verify level or remove CAfile to work around a mismatch.
; NOTE(review): the stunnel manual marks "verify" as obsolete in favour of
; verifyChain/verifyPeer; "verifyPeer = yes" appears to be the equivalent of
; level 4 - confirm against the installed stunnel version before changing.
verifyChain = no
verify = 4

; Path to the stunnel server's public certificate that the peer certificate is
; checked against.
; NOTE(review): this is a Unix-style path although the sample targets a Win32
; workstation - confirm the actual location of the file on the client.
CAfile = /etc/stunnel/HAMK-Koha-SIP2-stunnel.crt