--- stunnel4/tools/stunnel.conf-sample.in.fix 2018-09-26 11:26:04.386170478 +0300
+++ stunnel4/tools/stunnel.conf-sample.in 2018-09-26 11:36:46.412591738 +0300
@@ -7,17 +7,20 @@
 ; * Global options *
 ; **************************************************************************
 
+; A copy of some devices and system files is needed within the chroot jail
+chroot = /var/lib/stunnel/
+
 ; It is recommended to drop root privileges if stunnel is started by root
-;setuid = nobody
-;setgid = @DEFAULT_GROUP@
+setuid = stunnel
+setgid = stunnel
 
 ; PID file is created inside the chroot jail (if enabled)
-;pid = @localstatedir@/run/stunnel.pid
+pid = /stunnel.pid
 
 ; Debugging stuff (may be useful for troubleshooting)
 ;foreground = yes
 ;debug = info
-;output = @localstatedir@/log/stunnel.log
+output = /stunnel.log
 
 ; Enable FIPS 140-2 mode if needed for compliance
 ;fips = yes
@@ -35,6 +38,13 @@
 ; * Service defaults may also be specified in individual service sections *
 ; **************************************************************************
 
+; Certificate/key is needed in server mode and optional in client mode
+cert = /var/lib/ssl/certs/stunnel.cert
+key = /var/lib/ssl/private/stunnel.key
+
+;CAfile = /var/lib/ssl/cert.pem
+;CRLfile = /etc/stunnel/crls.pem
+
 ; Enable support for the insecure SSLv3 protocol
 ;options = -NO_SSLv3
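Review bot: With `chroot = /var/lib/stunnel/` enabled, `pid = /stunnel.pid` and `output = /stunnel.log` both resolve to the root of the jail, so whichever of these files is written after `setuid = stunnel` takes effect (the log is at least reopened by the unprivileged process) requires the jail root, or pre-created files in it, to be writable by the `stunnel` user; a jail root writable by the confined process weakens the confinement the comment is selling. A subdirectory owned by `stunnel` for the writable files, with the jail root left root-owned and read-only, would keep the jail intact; the exact ownership and which file is created before or after the privilege drop is not visible here and should be confirmed against the daemon's start-up order. The added comment `; A copy of some devices and system files is needed within the chroot jail` leaves the administrator to guess what has to be copied; it should name the required entries or point to the script that populates the directory. Finally, `@localstatedir@` and `@DEFAULT_GROUP@` were configure-time substitutions, and hard-coding `/var/lib/stunnel/` and `stunnel` in the `.in` template bypasses the build's prefix and group configuration for every package built from it.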
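Review bot: `cert = /var/lib/ssl/certs/stunnel.cert` and `key = /var/lib/ssl/private/stunnel.key` are absolute host paths in a sample that also turns on `chroot = /var/lib/stunnel/`; if the configuration is re-read after the process has entered the jail (for example on reload), these paths resolve inside `/var/lib/stunnel/` and the files will be missing unless they are duplicated there, which is exactly what should not be done with a private key. A comment stating the expected handling would prevent that mistake, e.g. `; Loaded at start-up before chroot/setuid: keep the key root-owned, mode 0600, outside the jail` (hedged: confirm against the daemon's load order). `;CAfile` stays commented out and `verify` is not set anywhere in the sample, so a client-mode instance derived from it does no peer-certificate verification; the comment above these lines should say that explicitly rather than only that the certificate is "optional in client mode". `;CRLfile = /etc/stunnel/crls.pem` is the one new path not under `/var/lib/ssl`, which reads as an inconsistency with the other defaults introduced here.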