From 079fdc930027316c17d2c58edb5dfbcc7537b588 Mon Sep 17 00:00:00 2001
From: gingerlime
Date: Thu, 28 Dec 2017 14:43:46 +0700
Subject: [PATCH] allow verify certificate chain in client mode (optional)

* `verifyChain` allows stunnel to verify the remote certificate chain. the default is still no, so it should keep backwards compatibility.
* `CAfile` points to a file that should exist on Alpine and includes the root certificates. It has no effect unless `verifyChain` is set to yes.
---
 stunnel/docker-entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/stunnel/docker-entrypoint.sh b/stunnel/docker-entrypoint.sh
index de0c8ef..9423b94 100755
--- a/stunnel/docker-entrypoint.sh
+++ b/stunnel/docker-entrypoint.sh
@@ -10,6 +10,8 @@ socket = l:TCP_NODELAY=1
 socket = r:TCP_NODELAY=1
 cert = /etc/stunnel/stunnel.pem
 client = ${CLIENT:-no}
+verifyChain = ${VERIFY_CHAIN:-no}
+CAfile = /etc/ssl/cert.pem
 
 [${SERVICE}]
 accept = ${ACCEPT}
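Review bot: The added `verifyChain = ${VERIFY_CHAIN:-no}` line, even when set to `yes`, only checks that the peer certificate chains to some root in `/etc/ssl/cert.pem`; nothing in the generated config ties the certificate to the host being connected to. With the full public CA bundle as trust store, a valid certificate issued for any other name would still pass, which is why the stunnel manual pairs `verifyChain` with `checkHost` (or `checkIP`) for server verification. Consider emitting one right after `CAfile`, for example `${CHECK_HOST:+checkHost = ${CHECK_HOST}}`, where `CHECK_HOST` is a suggested new optional variable and the line expands to nothing when it is unset. The config heredoc starts and ends outside this hunk, so it cannot be confirmed from here whether the image ships the CA bundle or whether stunnel tolerates a missing `CAfile` while `verifyChain` is `no`; both are worth checking, since the `CAfile` line is written unconditionally.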