From 079fdc930027316c17d2c58edb5dfbcc7537b588 Mon Sep 17 00:00:00 2001
From: gingerlime <yoav@gingerlime.com>
Date: Thu, 28 Dec 2017 14:43:46 +0700
Subject: [PATCH] allow verify certificate chain in client mode (optional)

* `verifyChain` allows stunnel to verify the remote certificate chain. the default is still no, so it should keep backwards compatibility.
* `CAfile` points to a file that should exist on Alpine and includes the root certificates. It has no effect unless `verifyChain` is set to yes.
---
 stunnel/docker-entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/stunnel/docker-entrypoint.sh b/stunnel/docker-entrypoint.sh
index de0c8ef..9423b94 100755
--- a/stunnel/docker-entrypoint.sh
+++ b/stunnel/docker-entrypoint.sh
@@ -10,6 +10,8 @@ socket = l:TCP_NODELAY=1
 socket = r:TCP_NODELAY=1
 cert = /etc/stunnel/stunnel.pem
 client = ${CLIENT:-no}
+verifyChain = ${VERIFY_CHAIN:-no}
+CAfile = /etc/ssl/cert.pem
 
 [${SERVICE}]
 accept = ${ACCEPT}