diff --git a/manifests/tun.pp b/manifests/tun.pp
index fa4c211..4f46c65 100644
--- a/manifests/tun.pp
+++ b/manifests/tun.pp
@@ -99,14 +99,15 @@
 define stunnel::tun(
 $certificate,
 $private_key,
- $ca_file,
- $crl_file,
- $chroot,
- $user,
- $group,
 $client,
 $accept,
 $connect,
+ $user = undef,
+ $group = undef,
+ $ca_file = undef,
+ $ca_path = undef,
+ $crl_file = undef,
+ $chroot = undef,
 $ssl_version = 'TLSv1',
 $pid_file = "/${name}.pid",
 $debug_level = '0',
@@ -137,10 +138,12 @@
 require => File[$conf_dir],
 }
- file { $chroot:
- ensure => directory,
- owner => $user,
- group => $group,
- mode => '0600',
+ if $chroot {
+ file { $chroot:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ mode => '0600',
+ }
 }
 }
diff --git a/templates/stunnel.conf.erb b/templates/stunnel.conf.erb
index 18ea32d..6f6c2e6 100644
--- a/templates/stunnel.conf.erb
+++ b/templates/stunnel.conf.erb
@@ -2,14 +2,26 @@
 cert = <%= @certificate %>
 key = <%= @private_key %>
+<%- if @ca_file != nil -%>
 CAfile = <%= @ca_file %>
+<%- end -%>
+<%- if @ca_path != nil -%>
+capath = <%= @ca_path %>
+<%- end -%>
+<%- if @crl_file != nil -%>
 CRLfile = <%= @crl_file %>
+<%- end -%>
 sslVersion = <%= @ssl_version_real %>
 verify = 2
-
+<%- if @chroot != nil -%>
 chroot = <%= @chroot %>
+<%- end -%>
+<%- if @user != nil -%>
 setuid = <%= @user %>
+<%- end -%>
+<%- if @group != nil -%>
 setgid = <%= @group %>
+<%- end -%>
 pid = <%= @pid_file %>
 socket = l:TCP_NODELAY=1
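Review bot: With `$ca_file` and `$ca_path` both defaulting to `undef`, a tunnel can now be declared with no trust anchor at all while the template hunk still writes `verify = 2` unconditionally, so the mistake presumably surfaces only when stunnel loads the generated file. A guard in the define body would catch it at catalog compile time: `unless $ca_file or $ca_path { fail("stunnel::tun[${name}]: set ca_file or ca_path, the template enforces verify = 2") }`. The same defaults make `$user`, `$group` and `$chroot` opt-in, so a declaration that omits them gets a config with no `setuid`, `setgid` or `chroot` line; the parameter documentation should say that leaving them unset keeps whatever privileges stunnel was started with. The define's body continues outside this hunk.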
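Review bot: The new `if $chroot` guard makes a chroot-less tunnel a supported configuration, but the `$pid_file` default visible in the first hunk, `"/${name}.pid"`, only reads as a sensible path when it is resolved inside a chroot; without one the template's `pid = <%= @pid_file %>` points stunnel at the filesystem root. I would add a parameter comment such as `# pid_file is resolved inside $chroot when one is set; pass a run-directory path when $chroot is undef`, or pick the default from `$chroot`. Inside the guard, `owner => $user` and `group => $group` can now be `undef` when only `$chroot` is given, in which case Puppet leaves ownership of the directory unmanaged, which is worth stating next to the resource. The define begins outside this hunk.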
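Review bot: The `!= nil` guards treat only a real nil as unset, so an empty string still emits a line with no value, such as `setuid = `. The same happens on any Puppet version that hands undef to ERB as `:undef` or `''`, which is worth confirming for the versions this module supports. A guard that tests for content is safer, for example `<%- if @user and @user != :undef and !@user.to_s.empty? -%>`, applied to all six conditionals. Separately, `capath` is written in lower case next to `CAfile` and `CRLfile`; stunnel's documentation spells the option `CApath`, and matching it keeps the generated file consistent and easy to grep.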