diff -urNp stunnel-4.56-patched/tools/stunnel.conf-sample.in stunnel-4.56-current/tools/stunnel.conf-sample.in

--- stunnel-4.56-patched/tools/stunnel.conf-sample.in	2013-03-28 14:38:34.992698440 -0400

+++ stunnel-4.56-current/tools/stunnel.conf-sample.in	2013-03-28 14:40:31.423595815 -0400

@@ -9,7 +9,7 @@

 ; A copy of some devices and system files is needed within the chroot jail

 ; Chroot conflicts with configuration file reload and many other features

-chroot = @prefix@/var/lib/stunnel/

+chroot = @localstatedir@/run/stunnel/

 ; Chroot jail can be escaped if setuid option is not used

 setuid = nobody

 setgid = @DEFAULT_GROUP@

@@ -26,8 +26,8 @@ pid = /stunnel.pid

 ; **************************************************************************

 ; Certificate/key is needed in server mode and optional in client mode

-cert = @prefix@/etc/stunnel/mail.pem

-;key = @prefix@/etc/stunnel/mail.pem

+cert = @sysconfdir@/stunnel/mail.pem

+;key = @sysconfdir@/stunnel/mail.pem

 ; Authentication stuff needs to be configured to prevent MITM attacks

 ; It is not enabled by default!

@@ -36,12 +36,13 @@ cert = @prefix@/etc/stunnel/mail.pem

 ; CApath is located inside chroot jail

 ;CApath = /certs

 ; It's often easier to use CAfile

-;CAfile = @prefix@/etc/stunnel/certs.pem

+;CAfile = @sysconfdir@/stunnel/certs.pem

+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt

 ; Don't forget to c_rehash CRLpath

 ; CRLpath is located inside chroot jail

 ;CRLpath = /crls

 ; Alternatively CRLfile can be used

-;CRLfile = @prefix@/etc/stunnel/crls.pem

+;CRLfile = @sysconfdir@/stunnel/crls.pem

 ; Disable support for insecure SSLv2 protocol

 options = NO_SSLv2