################################################################
#
#  Stunnel Banana Newsserver Configuration File [AUTHENTICATED]
#  (verify peer with locally installed certificate)
#
################################################################
#
# NOTES
#
##
#  FILES AND LOCATIONS
#
#  Go to Stunnel.org and obtain the W32 binaries:
#  http://www.stunnel.org/download/stunnel/win32/
#  (version numbers referenced herein are current as of 2003.08.08)
#  
#  Place the following four files in the same directory:
#
#  From the /win32/ directory:
#    stunnel-4.04.exe
#  From either the /openssl-0.9.7b/ or /openssl-0.9.7b-bri01/ directory:
#    libeay32.dll, libssl32.dll and openssl.exe
#
#  Rename "stunnel-4.04.exe" to "stunnel.exe"
#
#  Copy and paste this configuration file into a text document
#  named "banana.conf" and place in the same directory.
#
#  Have Stunnel use this configuration file by creating a
#  shortcut to stunnel.exe, name it "banana_news"
#  and make the shortcut's target:
#  [drive:][path]stunnel.exe banana.conf
#
#  Run the following command:
#
#  PROMPT>openssl rand -out bananarand.bin 2048
#
#  This will create a Banana randomseed file "bananarand.bin".
#  Stunnel will use it for seeding and overwrite on each run.
#
#  Run the following command:
#
#  PROMPT>openssl s_client -connect news.bananasplit.info:563 -showcerts -prexit >
#  banana.pem
#
#  This will request and save the Banana certificate to the file "banana.pem".
#  (You'll probably have to Ctrl+C to end the session.)
#
#  Edit the banana.pem file so that the format is:
#
#  -----BEGIN CERTIFICATE-----
#  MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBwMQswCQYDVQQGEwJVSzEO
#
#       [snipped]
#
#  LyS8oWX6gYVOyAwOwBcMH6qaXXDa0C5unSXEJcODGMC6gF+6dxoEjA==
#  -----END CERTIFICATE-----
#
#
#  Verify the certificate fingerprint with that published by the holder.
#
#  Display the certificate MD5 fingerprint:
#
#  PROMPT>openssl x509 -in banana.pem -noout -fingerprint
#
#  Display the certificate SHA1 fingerprint:
#
#  PROMPT>openssl x509 -sha1 -in banana.pem -noout -fingerprint
#
##
#  CLIENT CONFIGURATION
#
#  In your Client create a server profile named "Banana"
#  with address 127.0.0.1 and port 119
#
##
#  USAGE
#
#  Start Stunnel by activating the shortcut "banana_news"
#  Connect you client to the "Banana" server profile.
#
##
#  COMMENTS
#
#  If there are problems review the Output file "banana.log".
#  When proper opertion is confirmed, you many want to eliminate
#  or reduce the debug level/logging.
#
#  For more information/options see: 
#
#  PROMPT>stunnel -help 
#
#  Every line with a " # " is a comment and may be removed.
#  The "actual" configuration file begins below.
#
################################################################
#
RNDbytes = 2048
RNDfile = bananarand.bin
RNDoverwrite = yes
client = yes
options = ALL
CAfile = banana.pem
verify = 3
debug = 7
output = banana.log
#
[BANANA_NNTPS]
accept  = 119
connect = news.bananasplit.info:563
delay = no
#
################################################################