author | Brad Smith <brad@cvs.openbsd.org> | 2000-08-15 13:11:22 +0000 |
---|---|---|
committer | Brad Smith <brad@cvs.openbsd.org> | 2000-08-15 13:11:22 +0000 |
commit | d0832169edd2455a42173e7a78f6225d1a426b5b (patch) | |
tree | 30d9a25751f4ed848193d4b1ae2ea676db8be936 | |
parent | ccb8aa83a7f2a9963e4438f7f7ce4ccbce7772ff (diff) |
merge mod_ssl 2.6.6
18 files changed, 1276 insertions, 1244 deletions
diff --git a/usr.sbin/httpd/INSTALL.SSL b/usr.sbin/httpd/INSTALL.SSL index c86eedadcf6..17b84c8b195 100644 --- a/usr.sbin/httpd/INSTALL.SSL +++ b/usr.sbin/httpd/INSTALL.SSL @@ -70,12 +70,12 @@ Type: OPTIONAL (only mandatory for US-citizens) o Package: MM - Version: 1.0.x + Version: 1.1.x Description: Shared Memory Library Reason: The portable library for shared memory in Apache/EAPI Homepage: http://www.engelschall.com/sw/mm/ Distribution: http://www.engelschall.com/sw/mm/ - Tarball: mm-1.0.x.tar.gz + Tarball: mm-1.1.x.tar.gz Location: Zurich, Switzerland, Europe Author(s): Ralf S. Engelschall <rse@engelschall.com> Type: OPTIONAL @@ -129,7 +129,7 @@ $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - ALL $ gzip -d -c mod_ssl-2.6.x-1.3.x.tar.gz | tar xvf - ALL $ gzip -d -c openssl-0.9.x.tar.gz | tar xvf - ALL - $ gzip -d -c mm-1.0.x.tar.gz | tar xvf - OPTIONAL + $ gzip -d -c mm-1.1.x.tar.gz | tar xvf - OPTIONAL $ mkdir rsaref-2.0 US $ (cd rsaref-2.0; gzip -d -c ../rsaref20.tar.Z | tar xvf -) US @@ -167,7 +167,7 @@ $ cd openssl-0.9.x ALL $ sh config \ ALL no-idea \ EU - -L`pwd`/../rsaref-2.0/local/ rsaref \ US + -L`pwd`/../rsaref-2.0/local/rsaref \ US -fPIC OPTIONAL $ make ALL $ make test OPTIONAL 
@@ -203,18 +203,18 @@ use a high-performance RAM-based session cache instead of a disk-based one. - $ cd mm-1.0.x OPTIONAL + $ cd mm-1.1.x OPTIONAL $ ./configure --disable-shared OPTIONAL $ make OPTIONAL $ cd .. OPTIONAL NOTE: When your system already has MM installed in system locations you can ignore the steps above and then use `EAPI_MM=SYSTEM' - instead of `EAPI_MM=../mm-1.0.x' below. + instead of `EAPI_MM=../mm-1.1.x' below. NOTE: Do not forget the --disable-shared option above. Else you've to establish an explicit LD_LIBRARY_PATH which includes the - /path/to/mm-1.0.x/.libs/ directory or the compilation of Apache + /path/to/mm-1.1.x/.libs/ directory or the compilation of Apache will fail because the shared library cannot be found. 5. Now apply the mod_ssl source extension and source patches to the Apache @@ -236,7 +236,7 @@ --with-apache=../apache_1.3.x \ ALL --with-ssl=../openssl-0.9.x \ ALL --with-rsa=../rsaref-2.0/local \ US - --with-mm=../mm-1.0.x \ OPTIONAL + --with-mm=../mm-1.1.x \ OPTIONAL --with-crt=/path/to/your/server.crt \ OPTIONAL --with-key=/path/to/your/server.key \ OPTIONAL --prefix=/path/to/apache \ ALL @@ -316,7 +316,7 @@ $ cd apache_1.3.x ALL $ SSL_BASE=../openssl-0.9.x \ ALL RSA_BASE=../rsaref-2.0/local \ US - EAPI_MM=../mm-1.0.x \ OPTIONAL + EAPI_MM=../mm-1.1.x \ OPTIONAL ./configure \ ALL --enable-module=ssl \ ALL --prefix=/path/to/apache \ ALL 
@@ -406,22 +406,34 @@ 6. Try out Apache without SSL (only HTTP protocol possible): - $ /path/to/apache/sbin/apachectl start ALL + $ /path/to/apache/bin/apachectl start ALL $ netscape http://<local-host-name>/ ALL - $ /path/to/apache/sbin/apachectl stop ALL + $ /path/to/apache/bin/apachectl stop ALL 7. Try out Apache with SSL (both HTTP and HTTPS protocol possible): - $ /path/to/apache/sbin/apachectl startssl ALL - $ netscape http://<local-host-name>/ ALL - $ netscape https://<local-host-name>/ ALL - $ /path/to/apache/sbin/apachectl stop ALL + $ /path/to/apache/bin/apachectl startssl ALL + $ netscape http://<local-host-name><http-port>/ ALL + $ netscape https://<local-host-name><https-port>/ ALL + $ /path/to/apache/bin/apachectl stop ALL NOTE: Replace the `<local-host-name>' with the official name of your host. Do not enter `localhost' here, because this name has to match the Common Name (CN) of the Subject's Distinguished Name (DN) inside your server certificate. + NOTE: If you have built and installed under root (uid 0), + leave out the the `<http-port>' and `<https-port>' strings above. + If you have built and installed under a different user than root, + replace `<http-port>' with `:8080' and `<https-port>' with `:8443' + above. The reason just is that Apache pre-configures the installed + configuration file for direct use (at least as long the APACI + option --without-confadjust is not used). For using the official + ports (80 for HTTP and 443 for HTTPS) root priviledges are required + under run-time, so APACI assumes that it has to use alternate ports + (8080 for HTTP and 8443 for HTTPS) if the built and installation is + done under non-root users. + NOTE: When the above tests (steps 6 and 7) fail for some reasons you are _STRONGLY ADVISED_ to look into the Apache error logfile before you ask someone other for help. In the error logfile there 
@@ -466,7 +478,7 @@ $ cd mod_ssl-2.6.x-1.3.x ALL $ ./configure \ ALL - --with-apxs[=/path/to/apache/sbin/apxs] \ ALL + --with-apxs[=/path/to/apache/bin/apxs] \ ALL --with-ssl=/path/to/openssl \ ALL --with-rsa=/path/to/rsaref US $ make ALL diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html index 30ea742cde1..8aa0c8e7672 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html @@ -127,23 +127,49 @@ H4 { font-style: normal; } --></style> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +function ro_imgNormal(imgName) { + if (document.images) { + document[imgName].src = eval(imgName + '_n.src'); + self.status = ''; + } +} +function ro_imgOver(imgName, descript) { + if (document.images) { + document[imgName].src = eval(imgName + '_o.src'); + self.status = descript; + } +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_unknown1_n = new Image(); + ro_img_unknown1_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_unknown1_o = new Image(); + ro_img_unknown1_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> </head> <body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> <div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> <tr> <td> <br> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr> <td> - <table cellspacing="0" cellpadding="0" border="0"> + <table cellspacing="0" cellpadding="0" border="0" summary=""> <tr> <td> <img src="ssl_cover_title.jpg" - alt="User Manual" - width="421" height="73"> + alt="User Manual" width="421" height="73" +> </td> </tr> <tr> 
@@ -162,8 +188,8 @@ H4 { ><img src="ssl_cover_logo.jpg" alt="mod_ssl - The Apache Interface to OpenSSL" - border="0" - width="504" height="231"></a> + border="0" width="504" height="231" +></a> </td> </tr> <tr> @@ -179,42 +205,7 @@ H4 { </td> <td align="right" valign="bottom"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -function ro_imgNormal(imgName) { - if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); - self.status = ''; - } -} -function ro_imgOver(imgName, descript) { - if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); - self.status = descript; - } -} -// done hiding --> -</script> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_unknown1_n = new Image(); - ro_img_unknown1_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_unknown1_o = new Image(); - ro_img_unknown1_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_overview.html" - onMouseOver="ro_imgOver('ro_img_unknown1', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_unknown1'); return true" -><img - name="ro_img_unknown1" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br>Overview +<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_unknown1', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_unknown1'); return true" onfocus="ro_imgOver('ro_img_unknown1', 'next page'); return true" onblur="ro_imgNormal('ro_img_unknown1'); return true"><img name="ro_img_unknown1" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br>Overview </td> <td> <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="30" height="1" align="bottom" border="0"> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html index 19875dfb13f..8c49c2cc711 100644 
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html @@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-4.gif" alt="4" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="ssl_reference.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Reference</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_howto.html" - onMouseOver="ro_imgOver('ro_img_next_top', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">HowTo</font> +<script type="text/javascript" language="JavaScript"> +<!-- 
Hiding the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-4.gif" alt="4" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" 
onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font> </td> </tr> </table> @@ -222,17 +224,19 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-compat.gif" alt="Compatibility" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="200"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="200" summary=""> <tr> <td> -<em>All PCs are compatible. But some of -them are more compatible than others.</em> +<em> +All PCs are compatible. But some of +them are more compatible than others. +</em> </td> </tr> <tr> @@ -245,7 +249,7 @@ Unknown </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_compat.gfont000.gif" alt="H" width="40" height="34" border="0" align="left"> @@ -266,8 +270,8 @@ mod_ssl since Stronghold 3.x). </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> @@ -295,7 +299,7 @@ superset of the functionality of all other solutions we can easily provide backward compatibility for most of the cases. Actually there are three compatibility areas we currently address: configuration directives, environment variables and custom log functions. -<H2><a name="ToC1">Configuration Directives</a></H2> +<h2><a name="ToC1">Configuration Directives</a></h2> For backward compatibility to the configuration directives of other SSL solutions we do an on-the-fly mapping: directives which have a direct counterpart in mod_ssl are mapped silently while other directives lead to a 
@@ -308,11 +312,12 @@ provide. <p> <div align="center"> <a name="table1"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 1: Configuration Directive Mapping</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="D"> <td><strong>Old Directive</strong></td> <td><strong>mod_ssl Directive</strong></td> @@ -366,13 +371,14 @@ provide. <tr id="D"><td><code>SSLProxyCACertificateFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr> <tr id="H"><td><code>SSLProxyVerifyDepth</code> <em>number</em></td><td>-</td><td>functionality not supported</td></tr> <tr id="D"><td><code>SSLProxyCipherList</code> <em>spec</em></td><td>-</td><td>functionality not supported</td></tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> <p> <br> -<H2><a name="ToC2">Environment Variables</a></H2> +<h2><a name="ToC2">Environment Variables</a></h2> When you use ``<code>SSLOptions +CompatEnvVars</code>'' additional environment variables are generated. They all correspond to existing official mod_ssl variables. The currently implemented variable derivation is listed in <a 
@@ -380,11 +386,12 @@ href="#table2">Table 2</a>. <p> <div align="center"> <a name="table2"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 2: Environment Variable Derivation</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="D"> <td><strong>Old Variable</strong></td> <td><strong>mod_ssl Variable</strong></td> @@ -455,13 +462,14 @@ href="#table2">Table 2</a>. <tr id="D"><td><code>SSL_CLIENT_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr> <tr id="H"><td><code>SSL_CLIENT_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr> <tr id="D"><td><code>SSL_CLIENT_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> <p> <br> -<H2><a name="ToC3">Custom Log Functions</a></H2> +<h2><a name="ToC3">Custom Log Functions</a></h2> When mod_ssl is built into Apache or at least loaded (under DSO situation) additional functions exist for the <a href="../mod_log_config.html#formats">Custom Log Format</a> of <a 
@@ -475,11 +483,12 @@ are listed in <a href="#table3">Table 3</a>. <p> <div align="center"> <a name="table3"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 3: Custom Log Cryptography Function</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="H"> <td><strong>Function Call</strong></td> <td><strong>Description</strong></td> 
@@ -490,60 +499,23 @@ are listed in <a href="#table3">Table 3</a>. <tr id="H"><td><code>%...{issuerdn}c</code></td> <td>Client Certificate Issuer Distinguished Name</td></tr> <tr id="D"><td><code>%...{errcode}c</code></td> <td>Certificate Verification Error (numerical)</td></tr> <tr id="H"><td><code>%...{errstr}c</code></td> <td>Certificate Verification Error (string)</td></tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_reference.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Reference</font> +<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - 
ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_howto.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">HowTo</font> +<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font> </td> </tr> </table> @@ -553,7 +525,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html index aedc52bd62c..9ffed96cb3c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html 
@@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-6.gif" alt="6" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="ssl_howto.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">HowTo</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_glossary.html" - onMouseOver="ro_imgOver('ro_img_next_top', 
'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Glossary</font> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-6.gif" alt="6" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" 
onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font> </td> </tr> </table> @@ -222,17 +224,19 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-faq.gif" alt="F.A.Q." width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="200"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="200" summary=""> <tr> <td> -<em>``The wise man doesn't give the right answers, -he poses the right questions.''</em> +<em> +``The wise man doesn't give the right answers, +he poses the right questions.'' +</em> </td> </tr> <tr> @@ -245,7 +249,7 @@ Claude Levi-Strauss </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_faq.gfont000.gif" alt="T" width="34" height="34" border="0" align="left"> @@ -266,8 +270,8 @@ author. </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="350"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="350" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> @@ -341,12 +345,14 @@ author. </td> </tr> </table> -<H2><a name="ToC1">About the module</a></H2> +<h2><a name="ToC1">About the module</a></h2> <ul> <p> <li><a name="ToC2"></a> <a name="history"></a> - <strong id="faq">What is the history of mod_ssl?</strong> + <strong id="faq"> +What is the history of mod_ssl? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#history"><b>L</b></a>] <p> The mod_ssl v1 package was initially created in April 1998 by <a 
@@ -361,7 +367,7 @@ author. 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0. <p> After one year of very active development with over 1000 working hours and - over 40 releases mod_ssl reached it's current state. The result is an + over 40 releases mod_ssl reached its current state. The result is an already very clean source base implementing a very rich functionality. The code size increased by a factor of 4 to currently a total of over 10.000 lines of ANSI C consisting of approx. 70% code and 30% code 
@@ -370,28 +376,30 @@ author. <p> <li><a name="ToC3"></a> <a name="apssl-diff"></a> - <strong id="faq">What are the functional differences between mod_ssl and Apache-SSL, from where -it is originally derived?</strong> + <strong id="faq"> +What are the functional differences between mod_ssl and Apache-SSL, from where +it is originally derived? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> - This neither can be answered in short (there were too much code changes) - nor can be answered at all by the author (there would be immediately flame + This neither can be answered in short (there were too many code changes) + nor can be answered at all by the author (there would immediately be flame wars with no reasonable results at the end). But as you easily can guess - from the 5% of remaining Apache-SSL code, lot's of differences exists, + from the 5% of remaining Apache-SSL code, a lot of differences exists, although user-visible backward compatibility exists for most things. <p> - When you really want a detailed comparison you've to read the entries in - the large <code>CHANGES</code> file you can find in the mod_ssl - distribution. Usually this is too much hard-core. So I recommend you to + When you really want a detailed comparison you have to read the entries in + the large <code>CHANGES</code> file that is in the mod_ssl + distribution. Usually this is much too hard-core. So I recommend you to either believe in the opinion and recommendations of other users (the simplest approach) or do a comparison yourself (the most reasonable - approach). For this grab distributions of mod_ssl (from <a + approach). For the latter, grab distributions of mod_ssl (from <a href="http://www.modssl.org/">http://www.modssl.org</a>) and Apache-SSL (from <a href="http://www.apache-ssl.org/">http://www.apache-ssl.org</a>), install both packages, read their documentation and try them out yourself. Then choose the one which pleases you most. 
<p> - A few final hints to direct your comparison: quality of documentation + A few final hints to help direct your comparison: quality of documentation ("can you easily find answers and are they sufficient?"), quality of source code ("is the source code reviewable so you can make sure there aren't any trapdoors or inherent security risks because of bad programming @@ -409,8 +417,10 @@ it is originally derived?</strong> <p> <li><a name="ToC4"></a> <a name="apssl-diff"></a> - <strong id="faq">What are the major differences between mod_ssl and -the commercial alternatives like Raven or Stronghold?</strong> + <strong id="faq"> +What are the major differences between mod_ssl and +the commercial alternatives like Raven or Stronghold? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#apssl-diff"><b>L</b></a>] <p> As of this writing (end of the year 1999) the major difference is @@ -421,7 +431,7 @@ the commercial alternatives like Raven or Stronghold?</strong> even for US citizens the situations is at least solved next year (September 20th, 2000) when the RSA patent expires. <p> - Second, there is the point that one has guarrantied support from + Second, there is the point that one has guaranteed support from the commercial vendors. On the other hand, if you monitored the Open Source quality of mod_ssl and the support activities found on <a href="mailto:modssl-users@modssl.org"> @@ -431,7 +441,7 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> Third, people often think they would receive perhaps at least a better technical SSL solution than mod_ssl from the commercial - vendors. But this is not really the truth, because all commercial + vendors. But this is not really true, because all commercial alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.) <i>are</i> actually based on mod_ssl and OpenSSL. The reason for this common misunderstanding is mainly because some vendors make no 
@@ -439,9 +449,9 @@ the commercial alternatives like Raven or Stronghold?</strong> mod_ssl based. So, do not think, just because the commercial alternatives are usually more expensive, that you are also receiving an alternative <i>technical</i> SSL solution. This is usually not - the case. Actually the vendors versions of Apache, mod_ssl and OpenSSL - often stay behind the latest free versions and this way still do not - include perhaps important bug and security fixes. On the other hand, + the case. Actually the vendor versions of Apache, mod_ssl and OpenSSL + often stay behind the latest free versions and perhaps this way still do not + include important bug and security fixes. On the other hand, it sometimes occurs that a vendor version includes useful changes which are not available through the official freely available packages. But most vendors play fair and contribute back those @@ -449,7 +459,7 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> So, in short: There are lots of commercial versions of the popular Apache+mod_ssl+OpenSSL server combination available. And until the - RSA patent expires in the year 2000, US citizens have no chance, + RSA patent expires in the year 2000, US citizens have no choice, of course. They have to buy one of the commercial versions. Non-US citizens are not forced into this situation and should decide carefully whether they really need to buy a commercial version or @@ -458,7 +468,9 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC5"></a> <a name="what-version"></a> - <strong id="faq">How do I know which mod_ssl version is for which Apache version?</strong> + <strong id="faq"> +How do I know which mod_ssl version is for which Apache version? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#what-version"><b>L</b></a>] <p> That's trivial: mod_ssl uses version strings of the syntax 
@@ -471,14 +483,16 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC6"></a> <a name="y2k"></a> - <strong id="faq">Is mod_ssl Year 2000 compliant?</strong> + <strong id="faq"> +Is mod_ssl Year 2000 compliant? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#y2k"><b>L</b></a>] <p> Yes, mod_ssl is Year 2000 compliant. <p> Because first mod_ssl internally never stores years as two digits. Instead it always uses the ANSI C & POSIX numerical data type - <code>time_t</code> type, which on mostly all Unix platforms at the moment + <code>time_t</code> type, which on almost all Unix platforms at the moment is a <code>signed long</code> (usually 32-bits) representing seconds since epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in early January 2038 and not in the year 2000. Second, date and time @@ -494,7 +508,9 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC7"></a> <a name="wassenaar"></a> - <strong id="faq">What about mod_ssl and the Wassenaar Arrangement?</strong> + <strong id="faq"> +What about mod_ssl and the Wassenaar Arrangement? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#wassenaar"><b>L</b></a>] <p> First, let us explain what <i>Wassenaar</i> and it's <i>Arrangement on @@ -546,12 +562,14 @@ the commercial alternatives like Raven or Stronghold?</strong> </ul> <p> <br> -<H2><a name="ToC8">About Installation</a></H2> +<h2><a name="ToC8">About Installation</a></h2> <ul> <p> <li><a name="ToC9"></a> <a name="core-dbm"></a> - <strong id="faq">When I access my website the first time via HTTPS I get a core dump?</strong> + <strong id="faq"> +When I access my website the first time via HTTPS I get a core dump? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#core-dbm"><b>L</b></a>] <p> There can be a lot of reasons why a core dump can occur, of course. 
@@ -560,12 +578,14 @@ the commercial alternatives like Raven or Stronghold?</strong> broken vendor DBM libraries. To solve it either build mod_ssl with the built-in SDBM library (specify <tt>--enable-rule=SSL_SDBM</tt> at the APACI command line) or switch from ``<tt>SSLSessionCache dbm:</tt>'' to the - newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you've rebuilt + newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you have rebuilt Apache with MM, of course). <p> <li><a name="ToC10"></a> <a name="core-php3"></a> - <strong id="faq">My Apache dumps core when I add both mod_ssl and PHP3?</strong> + <strong id="faq"> +My Apache dumps core when I add both mod_ssl and PHP3? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#core-php3"><b>L</b></a>] <p> Make sure you add mod_ssl to the Apache source tree first and then do a @@ -576,7 +596,9 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC11"></a> <a name="dso-sym"></a> - <strong id="faq">When I startup Apache I get errors about undefined symbols like ap_global_ctx?</strong> + <strong id="faq"> +When I startup Apache I get errors about undefined symbols like ap_global_ctx? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#dso-sym"><b>L</b></a>] <p> This actually means you installed mod_ssl as a DSO, but without rebuilding @@ -587,7 +609,9 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC12"></a> <a name="mutex-perm"></a> - <strong id="faq">When I startup Apache I get permission errors related to SSLMutex?</strong> + <strong id="faq"> +When I startup Apache I get permission errors related to SSLMutex? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#mutex-perm"><b>L</b></a>] <p> When you receive entries like ``<code>mod_ssl: Child could not open 
@@ -601,8 +625,10 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC13"></a> <a name="mm"></a> - <strong id="faq">When I use the MM library and the shared memory cache each process grows -1.5MB according to `top' although I specified 512000 as the cache size?</strong> + <strong id="faq"> +When I use the MM library and the shared memory cache each process grows +1.5MB according to `top' although I specified 512000 as the cache size? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#mm"><b>L</b></a>] <p> The additional 1MB are caused by the global shared memory pool EAPI @@ -617,9 +643,11 @@ the commercial alternatives like Raven or Stronghold?</strong> <p> <li><a name="ToC14"></a> <a name="mmpath"></a> - <strong id="faq">Apache creates files in a directory declared by the internal + <strong id="faq"> +Apache creates files in a directory declared by the internal EAPI_MM_CORE_PATH define. Is there a way to override the path using a -configuration directive?</strong> +configuration directive? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#mmpath"><b>L</b></a>] <p> No, there is not configuration directive, because for technical @@ -630,9 +658,11 @@ configuration directive?</strong> <p> <li><a name="ToC15"></a> <a name="entropy"></a> - <strong id="faq">When I fire up the server, mod_ssl stops with the error + <strong id="faq"> +When I fire up the server, mod_ssl stops with the error "Failed to generate temporary 512 bit RSA private key", why? -And a "PRNG not seeded" error occurs if I try "make certificate".</strong> +And a "PRNG not seeded" error occurs if I try "make certificate". +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#entropy"><b>L</b></a>] <p> Cryptographic software needs a source of unpredictable data 
@@ -654,12 +684,14 @@ And a "PRNG not seeded" error occurs if I try "make certificate".</strong> </ul> <p> <br> -<H2><a name="ToC16">About Configuration</a></H2> +<h2><a name="ToC16">About Configuration</a></h2> <ul> <p> <li><a name="ToC17"></a> <a name="https-parallel"></a> - <strong id="faq">Is it possible to provide HTTP and HTTPS with a single server?</strong></strong> + <strong id="faq"> +Is it possible to provide HTTP and HTTPS with a single server?</strong> +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#https-parallel"><b>L</b></a>] <p> Yes, HTTP and HTTPS use different server ports, so there is no direct @@ -671,7 +703,9 @@ And a "PRNG not seeded" error occurs if I try "make certificate".</strong> <p> <li><a name="ToC18"></a> <a name="https-port"></a> - <strong id="faq">I know that HTTP is on port 80, but where is HTTPS?</strong> + <strong id="faq"> +I know that HTTP is on port 80, but where is HTTPS? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#https-port"><b>L</b></a>] <p> You can run HTTPS on any port, but the standards specify port 443, which @@ -681,7 +715,9 @@ And a "PRNG not seeded" error occurs if I try "make certificate".</strong> <p> <li><a name="ToC19"></a> <a name="https-test"></a> - <strong id="faq">How can I speak HTTPS manually for testing purposes?</strong> + <strong id="faq"> +How can I speak HTTPS manually for testing purposes? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#https-test"><b>L</b></a>] <p> While you usually just use 
@@ -710,7 +746,9 @@ And a "PRNG not seeded" error occurs if I try "make certificate".</strong> <p> <li><a name="ToC20"></a> <a name="hang"></a> - <strong id="faq">Why does the connection hang when I connect to my SSL-aware Apache server?</strong> + <strong id="faq"> +Why does the connection hang when I connect to my SSL-aware Apache server? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#hang"><b>L</b></a>] <p> Because you connected with HTTP to the HTTPS port, i.e. you used an URL of @@ -723,8 +761,10 @@ And a "PRNG not seeded" error occurs if I try "make certificate".</strong> <p> <li><a name="ToC21"></a> <a name="hang"></a> - <strong id="faq">Why do I get ``Connection Refused'' messages when trying to access my freshly -installed Apache+mod_ssl server via HTTPS?</strong> + <strong id="faq"> +Why do I get ``Connection Refused'' messages when trying to access my freshly +installed Apache+mod_ssl server via HTTPS? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#hang"><b>L</b></a>] <p> There can be various reasons. Some of the common mistakes is that people @@ -738,8 +778,10 @@ installed Apache+mod_ssl server via HTTPS?</strong> <p> <li><a name="ToC22"></a> <a name="env-vars"></a> - <strong id="faq">In my CGI programs and SSI scripts the various documented -<code>SSL_XXX</code> variables do not exists. Why?</strong> + <strong id="faq"> +In my CGI programs and SSI scripts the various documented +<code>SSL_XXX</code> variables do not exists. Why? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#env-vars"><b>L</b></a>] <p> Just make sure you have ``<code>SSLOptions +StdEnvVars</code>'' 
@@ -747,7 +789,9 @@ installed Apache+mod_ssl server via HTTPS?</strong> <p> <li><a name="ToC23"></a> <a name="relative-links"></a> - <strong id="faq">How can I use relative hyperlinks to switch between HTTP and HTTPS?</strong> + <strong id="faq"> +How can I use relative hyperlinks to switch between HTTP and HTTPS? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#relative-links"><b>L</b></a>] <p> Usually you have to use fully-qualified hyperlinks because @@ -766,12 +810,14 @@ installed Apache+mod_ssl server via HTTPS?</strong> </ul> <p> <br> -<H2><a name="ToC24">About Certificates</a></H2> +<h2><a name="ToC24">About Certificates</a></h2> <ul> <p> <li><a name="ToC25"></a> <a name="what-is"></a> - <strong id="faq">What are RSA Private Keys, CSRs and Certificates?</strong></strong> + <strong id="faq"> +What are RSA Private Keys, CSRs and Certificates?</strong> +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#what-is"><b>L</b></a>] <p> The RSA private key file is a digital file that you can use to decrypt @@ -789,7 +835,9 @@ installed Apache+mod_ssl server via HTTPS?</strong> <p> <li><a name="ToC26"></a> <a name="startup"></a> - <strong id="faq">Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?</strong> + <strong id="faq"> +Seems like there is a difference on startup between the original Apache and an SSL-aware Apache? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#startup"><b>L</b></a>] <p> Yes, in general, starting Apache with a built-in mod_ssl is just like 
@@ -805,7 +853,9 @@ installed Apache+mod_ssl server via HTTPS?</strong> <p> <li><a name="ToC27"></a> <a name="cert-dummy"></a> - <strong id="faq">How can I create a dummy SSL server Certificate for testing purposes?</strong> + <strong id="faq"> +How can I create a dummy SSL server Certificate for testing purposes? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#cert-dummy"><b>L</b></a>] <p> A Certificate does not have to be signed by a public CA. You can use your @@ -827,8 +877,10 @@ installed Apache+mod_ssl server via HTTPS?</strong> <p> <li><a name="ToC28"></a> <a name="cert-real"></a> - <strong id="faq">Ok, I've got my server installed and want to create a real SSL -server Certificate for it. How do I do it?</strong> + <strong id="faq"> +Ok, I've got my server installed and want to create a real SSL +server Certificate for it. How do I do it? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#cert-real"><b>L</b></a>] <p> Here is a step-by-step description: @@ -923,7 +975,9 @@ server Certificate for it. How do I do it?</strong> <p> <li><a name="ToC29"></a> <a name="cert-ownca"></a> - <strong id="faq">How can I create and use my own Certificate Authority (CA)?</strong> + <strong id="faq"> +How can I create and use my own Certificate Authority (CA)? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#cert-ownca"><b>L</b></a>] <p> The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code> @@ -973,7 +1027,9 @@ server Certificate for it. How do I do it?</strong> <p> <li><a name="ToC30"></a> <a name="change-passphrase"></a> - <strong id="faq">How can I change the pass-phrase on my private key file?</strong> + <strong id="faq"> +How can I change the pass-phrase on my private key file? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#change-passphrase"><b>L</b></a>] <p> You simply have to read it with the old pass-phrase and write it again 
@@ -989,7 +1045,9 @@ server Certificate for it. How do I do it?</strong> <p> <li><a name="ToC31"></a> <a name="remove-passphrase"></a> - <strong id="faq">How can I get rid of the pass-phrase dialog at Apache startup time?</strong> + <strong id="faq"> +How can I get rid of the pass-phrase dialog at Apache startup time? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#remove-passphrase"><b>L</b></a>] <p> The reason why this dialog pops up at startup and every re-start @@ -1024,7 +1082,9 @@ server Certificate for it. How do I do it?</strong> <p> <li><a name="ToC32"></a> <a name="verify-key"></a> - <strong id="faq">How do I verify that a private key matches its Certificate?</strong> + <strong id="faq"> +How do I verify that a private key matches its Certificate? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#verify-key"><b>L</b></a>] <p> The private key contains a series of numbers. Two of those numbers form @@ -1054,8 +1114,10 @@ server Certificate for it. How do I do it?</strong> <p> <li><a name="ToC33"></a> <a name="keysize1"></a> - <strong id="faq">What does it mean when my connections fail with an "alert bad certificate" -error?</strong> + <strong id="faq"> +What does it mean when my connections fail with an "alert bad certificate" +error? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#keysize1"><b>L</b></a>] <p> Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL @@ -1066,7 +1128,9 @@ error?</strong> <p> <li><a name="ToC34"></a> <a name="keysize2"></a> - <strong id="faq">Why does my 2048-bit private key not work?</strong> + <strong id="faq"> +Why does my 2048-bit private key not work? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#keysize2"><b>L</b></a>] <p> The private key sizes for SSL must be either 512 or 1024 for compatibility 
@@ -1077,8 +1141,10 @@ error?</strong> <p> <li><a name="ToC35"></a> <a name="hash-symlinks"></a> - <strong id="faq">Why is client authentication broken after upgrading from -SSLeay version 0.8 to 0.9?</strong> + <strong id="faq"> +Why is client authentication broken after upgrading from +SSLeay version 0.8 to 0.9? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#hash-symlinks"><b>L</b></a>] <p> The CA certificates under the path you configured with @@ -1091,7 +1157,9 @@ SSLeay version 0.8 to 0.9?</strong> <p> <li><a name="ToC36"></a> <a name="pem-to-der"></a> - <strong id="faq">How can I convert a certificate from PEM to DER format?</strong> + <strong id="faq"> +How can I convert a certificate from PEM to DER format? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#pem-to-der"><b>L</b></a>] <p> The default certificate format for SSLeay/OpenSSL is PEM, which actually @@ -1103,8 +1171,10 @@ SSLeay version 0.8 to 0.9?</strong> <p> <li><a name="ToC37"></a> <a name="verisign-getca"></a> - <strong id="faq">I try to install a Verisign certificate. Why can't I find neither the -<code>getca</code> nor <code>getverisign</code> programs Verisign mentions?</strong> + <strong id="faq"> +I try to install a Verisign certificate. Why can't I find neither the +<code>getca</code> nor <code>getverisign</code> programs Verisign mentions? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#verisign-getca"><b>L</b></a>] <p> This is because Verisign has never provided specific instructions 
@@ -1115,14 +1185,16 @@ SSLeay version 0.8 to 0.9?</strong> that file to the <code>SSLCertificateFile</code> directive. Remember that you need to give the key file in as well (see <code>SSLCertificateKeyFile</code> directive). For a better - CA-related overview on SSL certifiate fiddling you can look at <a + CA-related overview on SSL certificate fiddling you can look at <a href="http://www.thawte.com/certs/server/keygen/mod_ssl.html"> Thawte's mod_ssl instructions</a>. <p> <li><a name="ToC38"></a> <a name="gid"></a> - <strong id="faq">Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global -ID) also with mod_ssl?</strong> + <strong id="faq"> +Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global +ID) also with mod_ssl? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#gid"><b>L</b></a>] <p> Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have @@ -1133,8 +1205,10 @@ ID) also with mod_ssl?</strong> <p> <li><a name="ToC39"></a> <a name="gid"></a> - <strong id="faq">After I have installed my new Verisign Global ID server certificate, the -browsers complain that they cannot verify the server certificate?</strong> + <strong id="faq"> +After I have installed my new Verisign Global ID server certificate, the +browsers complain that they cannot verify the server certificate? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#gid"><b>L</b></a>] <p> That is because Verisign uses an intermediate CA certificate between 
@@ -1148,12 +1222,14 @@ browsers complain that they cannot verify the server certificate?</strong> </ul> <p> <br> -<H2><a name="ToC40">About SSL Protocol</a></H2> +<h2><a name="ToC40">About SSL Protocol</a></h2> <ul> <p> <li><a name="ToC41"></a> <a name="load"></a> - <strong id="faq">Why has my webserver a higher load now that I run SSL there?</strong> + <strong id="faq"> +Why has my webserver a higher load now that I run SSL there? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#load"><b>L</b></a>] <p> Because SSL uses strong cryptographic encryption and this needs a lot of @@ -1163,8 +1239,10 @@ browsers complain that they cannot verify the server certificate?</strong> <p> <li><a name="ToC42"></a> <a name="random"></a> - <strong id="faq">Often HTTPS connections to my server require up to 30 seconds for establishing -the connection, although sometimes it works faster?</strong> + <strong id="faq"> +Often HTTPS connections to my server require up to 30 seconds for establishing +the connection, although sometimes it works faster? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#random"><b>L</b></a>] <p> Usually this is caused by using a <code>/dev/random</code> device for @@ -1174,7 +1252,9 @@ the connection, although sometimes it works faster?</strong> <p> <li><a name="ToC43"></a> <a name="ciphers"></a> - <strong id="faq">What SSL Ciphers are supported by mod_ssl?</strong> + <strong id="faq"> +What SSL Ciphers are supported by mod_ssl? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#ciphers"><b>L</b></a>] <p> Usually just all SSL ciphers which are supported by the 
@@ -1198,8 +1278,10 @@ the connection, although sometimes it works faster?</strong> <p> <li><a name="ToC44"></a> <a name="cipher-adh"></a> - <strong id="faq">I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no -shared cipher'' errors?</strong> + <strong id="faq"> +I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no +shared cipher'' errors? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#cipher-adh"><b>L</b></a>] <p> In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough @@ -1211,8 +1293,10 @@ shared cipher'' errors?</strong> <p> <li><a name="ToC45"></a> <a name="cipher-shared"></a> - <strong id="faq">I always just get a 'no shared ciphers' error if -I try to connect to my freshly installed server?</strong> + <strong id="faq"> +I always just get a 'no shared ciphers' error if +I try to connect to my freshly installed server? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#cipher-shared"><b>L</b></a>] <p> Either you have messed up your <code>SSLCipherSuite</code> @@ -1229,7 +1313,9 @@ I try to connect to my freshly installed server?</strong> <p> <li><a name="ToC46"></a> <a name="vhosts"></a> - <strong id="faq">Why can't I use SSL with name-based/non-IP-based virtual hosts?</strong> + <strong id="faq"> +Why can't I use SSL with name-based/non-IP-based virtual hosts? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#vhosts"><b>L</b></a>] <p> The reason is very technical. Actually it's some sort of a chicken and 
@@ -1246,9 +1332,11 @@ I try to connect to my freshly installed server?</strong> <p> <li><a name="ToC47"></a> <a name="lock-icon"></a> - <strong id="faq">When I use Basic Authentication over HTTPS the lock icon in Netscape browsers + <strong id="faq"> +When I use Basic Authentication over HTTPS the lock icon in Netscape browsers still show the unlocked state when the dialog pops up. Does this mean the -username/password is still transmitted unencrypted?</strong> +username/password is still transmitted unencrypted? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#lock-icon"><b>L</b></a>] <p> No, the username/password is already transmitted encrypted. The icon in @@ -1263,8 +1351,10 @@ username/password is still transmitted unencrypted?</strong> <p> <li><a name="ToC48"></a> <a name="io-ie"></a> - <strong id="faq">When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet -Explorer (MSIE) I get various I/O errors. What is the reason?</strong> + <strong id="faq"> +When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet +Explorer (MSIE) I get various I/O errors. What is the reason? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#io-ie"><b>L</b></a>] <p> The first reason is that the SSL implementation in some MSIE versions has @@ -1315,9 +1405,11 @@ Explorer (MSIE) I get various I/O errors. What is the reason?</strong> &nbs <p> <li><a name="ToC49"></a> <a name="io-ns"></a> - <strong id="faq">When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I + <strong id="faq"> +When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I get I/O errors and the message "Netscape has encountered bad data from the -server" What's the reason?</strong> +server" What's the reason? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#io-ns"><b>L</b></a>] <p> The problem usually is that you had created a new server certificate with 
@@ -1329,12 +1421,14 @@ server" What's the reason?</strong> </ul> <p> <br> -<H2><a name="ToC50">About Support</a></H2> +<h2><a name="ToC50">About Support</a></h2> <ul> <p> <li><a name="ToC51"></a> <a name="resources"></a> - <strong id="faq">What information resources are available in case of mod_ssl problems?</strong> + <strong id="faq"> +What information resources are available in case of mod_ssl problems? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#resources"><b>L</b></a>] <p> The following information resources are available. @@ -1363,7 +1457,9 @@ In case of problems you should search here first. <p> <li><a name="ToC52"></a> <a name="contact"></a> - <strong id="faq">What support contacts are available in case of mod_ssl problems?</strong> + <strong id="faq"> +What support contacts are available in case of mod_ssl problems? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#contact"><b>L</b></a>] <p> The following lists all support possibilities for mod_ssl, in order of @@ -1397,15 +1493,17 @@ you just like most, please. <p> <li><a name="ToC53"></a> <a name="report-details"></a> - <strong id="faq">What information and details I've to provide to -the author when writing a bug report?</strong> + <strong id="faq"> +What information and details I've to provide to +the author when writing a bug report? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#report-details"><b>L</b></a>] <p> You have to at least always provide the following information: <p> <ul> <li><em>Apache, mod_ssl and OpenSSL version information</em><br> - The mod_ssl version you should really know. It's for instance the version + The mod_ssl version you should really know. For instance, it's the version number in the distribution tarball. The Apache version can be determined by running ``<code>httpd -v</code>''. The OpenSSL version can be determined by running ``<code>openssl version</code>''. Alternatively when 
@@ -1435,7 +1533,9 @@ You have to at least always provide the following information: <p> <li><a name="ToC54"></a> <a name="core-dumped"></a> - <strong id="faq">I got a core dump, can you help me?</strong> + <strong id="faq"> +I got a core dump, can you help me? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#core-dumped"><b>L</b></a>] <p> In general no, at least not unless you provide more details about the code @@ -1446,7 +1546,9 @@ You have to at least always provide the following information: <p> <li><a name="ToC55"></a> <a name="report-backtrace"></a> - <strong id="faq">Ok, I got a core dump but how do I get a backtrace to find out the reason for it?</strong> + <strong id="faq"> +Ok, I got a core dump but how do I get a backtrace to find out the reason for it? +</strong> [<a href="http://www.modssl.org/docs/2.6/ssl_faq.html#report-backtrace"><b>L</b></a>] <p> Follow the following steps: @@ -1466,7 +1568,7 @@ Follow the following steps: done a <code>setuid()</code> (unless it does an <code>exec()</code>) for security reasons (there can be privileged information left over in memory). Additionally you can run ``<code>/path/to/httpd -X</code>'' - manually to force Apache not not fork. + manually to force Apache to not fork. <p> <li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then 
@@ -1475,56 +1577,18 @@ Follow the following steps: this backtrace to the author. </ol> </ul> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_howto.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">HowTo</font> +<a href="ssl_howto.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">HowTo</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_glossary.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" 
height="18" - border="0" -></a><br><font color="#000000">Glossary</font> +<a href="ssl_glossary.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Glossary</font> </td> </tr> </table> @@ -1534,7 +1598,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml index 52be25e5bb9..fc2dde8156e 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml @@ -60,12 +60,12 @@ author. </table> # container tag for layouting a question -<define-container faq> +<define-tag faq endtag=required> <preserve ref> <preserve toc> <set-var %attributes> <p> -<li><toc_h3 <get-var toc>></toc_h3> +<li><toc_h3 alt="<get-var toc>"></toc_h3> <a name="<get-var ref>"></a> <strong id="faq">%body</strong>\ @@ -73,7 +73,7 @@ author. <p> <restore toc> <restore ref> -</define-container> +</define-tag> <h2>About the module</h2> 
@@ -96,7 +96,7 @@ What is the history of mod_ssl? 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0. <p> After one year of very active development with over 1000 working hours and - over 40 releases mod_ssl reached it's current state. The result is an + over 40 releases mod_ssl reached its current state. The result is an already very clean source base implementing a very rich functionality. The code size increased by a factor of 4 to currently a total of over 10.000 lines of ANSI C consisting of approx. 70% code and 30% code 
@@ -108,24 +108,24 @@ What are the functional differences between mod_ssl and Apache-SSL, from where it is originally derived? </faq> - This neither can be answered in short (there were too much code changes) - nor can be answered at all by the author (there would be immediately flame + This neither can be answered in short (there were too many code changes) + nor can be answered at all by the author (there would immediately be flame wars with no reasonable results at the end). But as you easily can guess - from the 5% of remaining Apache-SSL code, lot's of differences exists, + from the 5% of remaining Apache-SSL code, a lot of differences exists, although user-visible backward compatibility exists for most things. <p> - When you really want a detailed comparison you've to read the entries in - the large <code>CHANGES</code> file you can find in the mod_ssl - distribution. Usually this is too much hard-core. So I recommend you to + When you really want a detailed comparison you have to read the entries in + the large <code>CHANGES</code> file that is in the mod_ssl + distribution. Usually this is much too hard-core. So I recommend you to either believe in the opinion and recommendations of other users (the simplest approach) or do a comparison yourself (the most reasonable - approach). For this grab distributions of mod_ssl (from <a + approach). For the latter, grab distributions of mod_ssl (from <a href="http://www.modssl.org/">http://www.modssl.org</a>) and Apache-SSL (from <a href="http://www.apache-ssl.org/">http://www.apache-ssl.org</a>), install both packages, read their documentation and try them out yourself. Then choose the one which pleases you most. 
<p> - A few final hints to direct your comparison: quality of documentation + A few final hints to help direct your comparison: quality of documentation ("can you easily find answers and are they sufficient?"), quality of source code ("is the source code reviewable so you can make sure there aren't any trapdoors or inherent security risks because of bad programming @@ -155,7 +155,7 @@ the commercial alternatives like Raven or Stronghold? (September 20th, 2000) when the RSA patent expires. <p> - Second, there is the point that one has guarrantied support from + Second, there is the point that one has guaranteed support from the commercial vendors. On the other hand, if you monitored the Open Source quality of mod_ssl and the support activities found on <a href="mailto:modssl-users@modssl.org"> @@ -166,7 +166,7 @@ the commercial alternatives like Raven or Stronghold? <p> Third, people often think they would receive perhaps at least a better technical SSL solution than mod_ssl from the commercial - vendors. But this is not really the truth, because all commercial + vendors. But this is not really true, because all commercial alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.) <i>are</i> actually based on mod_ssl and OpenSSL. The reason for this common misunderstanding is mainly because some vendors make no 
@@ -174,9 +174,9 @@ the commercial alternatives like Raven or Stronghold? mod_ssl based. So, do not think, just because the commercial alternatives are usually more expensive, that you are also receiving an alternative <i>technical</i> SSL solution. This is usually not - the case. Actually the vendors versions of Apache, mod_ssl and OpenSSL - often stay behind the latest free versions and this way still do not - include perhaps important bug and security fixes. On the other hand, + the case. Actually the vendor versions of Apache, mod_ssl and OpenSSL + often stay behind the latest free versions and perhaps this way still do not + include important bug and security fixes. On the other hand, it sometimes occurs that a vendor version includes useful changes which are not available through the official freely available packages. But most vendors play fair and contribute back those @@ -185,7 +185,7 @@ the commercial alternatives like Raven or Stronghold? <p> So, in short: There are lots of commercial versions of the popular Apache+mod_ssl+OpenSSL server combination available. And until the - RSA patent expires in the year 2000, US citizens have no chance, + RSA patent expires in the year 2000, US citizens have no choice, of course. They have to buy one of the commercial versions. Non-US citizens are not forced into this situation and should decide carefully whether they really need to buy a commercial version or @@ -213,7 +213,7 @@ Is mod_ssl Year 2000 compliant? <p> Because first mod_ssl internally never stores years as two digits. Instead it always uses the ANSI C & POSIX numerical data type - <code>time_t</code> type, which on mostly all Unix platforms at the moment + <code>time_t</code> type, which on almost all Unix platforms at the moment is a <code>signed long</code> (usually 32-bits) representing seconds since epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in early January 2038 and not in the year 2000. Second, date and time 
@@ -302,7 +302,7 @@ When I access my website the first time via HTTPS I get a core dump? broken vendor DBM libraries. To solve it either build mod_ssl with the built-in SDBM library (specify <tt>--enable-rule=SSL_SDBM</tt> at the APACI command line) or switch from ``<tt>SSLSessionCache dbm:</tt>'' to the - newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you've rebuilt + newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you have rebuilt Apache with MM, of course). <faq ref="core-php3" toc="Core dumps for Apache+mod_ssl+PHP3?"> @@ -886,7 +886,7 @@ I try to install a Verisign certificate. Why can't I find neither the that file to the <code>SSLCertificateFile</code> directive. Remember that you need to give the key file in as well (see <code>SSLCertificateKeyFile</code> directive). For a better - CA-related overview on SSL certifiate fiddling you can look at <a + CA-related overview on SSL certificate fiddling you can look at <a href="http://www.thawte.com/certs/server/keygen/mod_ssl.html"> Thawte's mod_ssl instructions</a>. @@ -1182,7 +1182,7 @@ You have to at least always provide the following information: <p> <ul> <li><em>Apache, mod_ssl and OpenSSL version information</em><br> - The mod_ssl version you should really know. It's for instance the version + The mod_ssl version you should really know. For instance, it's the version number in the distribution tarball. The Apache version can be determined by running ``<code>httpd -v</code>''. The OpenSSL version can be determined by running ``<code>openssl version</code>''. Alternatively when 
@@ -1243,7 +1243,7 @@ Follow the following steps: done a <code>setuid()</code> (unless it does an <code>exec()</code>) for security reasons (there can be privileged information left over in memory). Additionally you can run ``<code>/path/to/httpd -X</code>'' - manually to force Apache not not fork. + manually to force Apache to not fork. <p> <li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html index 3d2674cd4f8..fac3768ce2c 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html 
@@ -127,23 +127,59 @@ H4 { font-style: normal; } --></style> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +function ro_imgNormal(imgName) { + if (document.images) { + document[imgName].src = eval(imgName + '_n.src'); + self.status = ''; + } +} +function ro_imgOver(imgName, descript) { + if (document.images) { + document[imgName].src = eval(imgName + '_o.src'); + self.status = descript; + } +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_top_n = new Image(); + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_top_o = new Image(); + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> </head> <body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> <div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> <tr> <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> <tr> <td> - <table width="600"> + <table width="600" summary=""> <tr> <td align="left" valign="bottom"> <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> </td> <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img 
src="ssl_template.head-num-7.gif" alt="7" width="74" height="89"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-7.gif" alt="7" width="74" height="89"> </td> </tr> </table> @@ -154,45 +190,10 @@ H4 { </tr> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -function ro_imgNormal(imgName) { - if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); - self.status = ''; - } -} -function ro_imgOver(imgName, descript) { - if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); - self.status = descript; - } -} -// done hiding --> -</script> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_faq.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">F.A.Q. List</font> +<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font> </td> <td valign="top" align="right" width="250"> </td> 
@@ -202,17 +203,19 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-gloss.gif" alt="Glossary" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="300"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="300" summary=""> <tr> <td> -<em>``I know you believe you understand what you think I said, but I am not sure you -realize that what you heard is not what I meant.''</em> +<em> +``I know you believe you understand what you think I said, but I am not sure you +realize that what you heard is not what I meant.'' +</em> </td> </tr> <tr> @@ -225,20 +228,20 @@ Richard Nixon </table> </div> <dl> -<dt><DIV id="term">Authentication</div> +<dt><div id="term">Authentication</div> <dd>The positive identification of a network entity such as a server, a client, or a user. In SSL context the server and client <em>Certificate</em> verification process. <p> -<dt><DIV id="term">Access Control</div> +<dt><div id="term">Access Control</div> <dd>The restriction of access to network realms. In Apache context usually the restriction of access to certain <em>URLs</em>. <p> -<dt><DIV id="term">Algorithm</div> +<dt><div id="term">Algorithm</div> <dd>An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called <em>Ciphers</em>. <p> -<dt><DIV id="term">Certificate</div> +<dt><div id="term">Certificate</div> <dd>A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing <em>Certificate 
@@ -246,33 +249,33 @@ Richard Nixon signature made by the CA. Network entities verify these signatures using CA certificates. <p> -<dt><DIV id="term">Certification Authority (CA)</div> +<dt><div id="term">Certification Authority (CA)</div> <dd>A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate. <p> -<dt><DIV id="term">Certificate Signing Request (CSR)</div> +<dt><div id="term">Certificate Signing Request (CSR)</div> <dd>An unsigned certificate for submission to a <em>Certification Authority</em>, which signs it with the <em>Private Key</em> of their CA <em>Certificate</em>. Once the CSR is signed, it becomes a real certificate. <p> -<dt><DIV id="term">Cipher</div> +<dt><div id="term">Cipher</div> <dd>An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc. <p> -<dt><DIV id="term">Ciphertext</div> +<dt><div id="term">Ciphertext</div> <dd>The result after a <em>Plaintext</em> passed a <em>Cipher</em>. <p> -<dt><DIV id="term">Configuration Directive</div> +<dt><div id="term">Configuration Directive</div> <dd>A configuration command that controls one or more aspects of a program's behavior. In Apache context these are all the command names in the first column of the configuration files. <p> -<dt><DIV id="term">CONNECT</div> +<dt><div id="term">CONNECT</div> <dd>A HTTP command for proxying raw data channels over HTTP. It can be used to encapsulate other protocols, such as the SSL protocol. <p> -<dt><DIV id="term">Digital Signature</div> +<dt><div id="term">Digital Signature</div> <dd>An encrypted text block that validates a certificate or other file. A <em>Certification Authority</em> creates a signature by generating a hash of the <em>Public Key</em> embedded in a <em>Certificate</em>, then 
@@ -280,118 +283,99 @@ Richard Nixon public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the <em>Certificate</em>. <p> -<dt><DIV id="term">Export-Crippled</div> +<dt><div id="term">Export-Crippled</div> <dd>Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in <em>Ciphertext</em> which usually can be decrypted by brute force. <p> -<dt><DIV id="term">Fully-Qualified Domain-Name (FQDN)</div> +<dt><div id="term">Fully-Qualified Domain-Name (FQDN)</div> <dd>The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, <code>www</code> is a hostname, <code>whatever.com</code> is a domain name, and <code>www.whatever.com</code> is a fully-qualified domain name. <p> -<dt><DIV id="term">HyperText Transfer Protocol (HTTP)</div> +<dt><div id="term">HyperText Transfer Protocol (HTTP)</div> <dd>The HyperText Transport Protocol is the standard transmission protocol used on the World Wide Web. <p> -<dt><DIV id="term">HTTPS</div> +<dt><div id="term">HTTPS</div> <dd>The HyperText Transport Protocol (Secure), the standard encrypted communication mechanism on the World Wide Web. This is actually just HTTP over SSL. <p> -<dt><DIV id="term">Message Digest</div> +<dt><div id="term">Message Digest</div> <dd>A hash of a message, which can be used to verify that the contents of the message have not been altered in transit. <p> -<dt><DIV id="term">OpenSSL</div> +<dt><div id="term">OpenSSL</div> <dd>The Open Source toolkit for SSL/TLS; see <a href="http://www.openssl.org/">http://www.openssl.org/</a> <p> -<dt><DIV id="term">Pass Phrase</div> +<dt><div id="term">Pass Phrase</div> <dd>The word or phrase that protects private key files. It prevents unauthorized users from encrypting them. 
Usually it's just the secret encryption/decryption key used for <em>Ciphers</em>. <p> -<dt><DIV id="term">Plaintext</div> +<dt><div id="term">Plaintext</div> <dd>The unencrypted text. <p> -<dt><DIV id="term">Private Key</div> +<dt><div id="term">Private Key</div> <dd>The secret key in a <em>Public Key Cryptography</em> system, used to decrypt incoming messages and sign outgoing ones. <p> -<dt><DIV id="term">Public Key</div> +<dt><div id="term">Public Key</div> <dd>The publically available key in a <em>Public Key Cryptography</em> system, used to encrypt messages bound for its owner and to decrypt signatures made by its owner. <p> -<dt><DIV id="term">Public Key Cryptography</div> +<dt><div id="term">Public Key Cryptography</div> <dd>The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair. Also called Asymmetric Crypography. <p> -<dt><DIV id="term">Secure Sockets Layer (SSL)</div> +<dt><div id="term">Secure Sockets Layer (SSL)</div> <dd>A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is <em>HTTPS</em>, i.e. the HyperText Transfer Protocol (HTTP) over SSL. <p> -<dt><DIV id="term">Session</div> +<dt><div id="term">Session</div> <dd>The context information of an SSL communication. <p> -<dt><DIV id="term">SSLeay</div> +<dt><div id="term">SSLeay</div> <dd>The original SSL/TLS implementation library developed by Eric A. Young <eay@aus.rsa.com>; see <a href="http://www.ssleay.org/">http://www.ssleay.org/</a> <p> -<dt><DIV id="term">Symmetric Cryptography</div> +<dt><div id="term">Symmetric Cryptography</div> <dd>The study and application of <em>Ciphers</em> that use a single secret key for both encryption and decryption operations. 
<p> -<dt><DIV id="term">Transport Layer Security (TLS)</div> +<dt><div id="term">Transport Layer Security (TLS)</div> <dd>The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. TLS version 1 and is nearly identical with SSL version 3. <p> -<dt><DIV id="term">Uniform Resource Locator (URL)</div> +<dt><div id="term">Uniform Resource Locator (URL)</div> <dd>The formal identifier to locate various resources on the World Wide Web. The most popular URL scheme is <code>http</code>. SSL uses the scheme <code>https</code> <p> -<dt><DIV id="term">X.509</div> +<dt><div id="term">X.509</div> <dd>An authentication certificate scheme recommended by the International Telecommunication Union (ITU-T) which is used for SSL/TLS authentication. </dl> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_faq.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">F.A.Q. 
List</font> +<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font> </td> <td valign="top" align="right" width="250"> </td> @@ -403,7 +387,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html index 382cc739dd6..fd277012bab 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html 
@@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-5.gif" alt="5" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="ssl_compat.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Compatibility</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_faq.html" - onMouseOver="ro_imgOver('ro_img_next_top', 
'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">F.A.Q. List</font> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-5.gif" alt="5" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" 
onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font> </td> </tr> </table> @@ -222,17 +224,19 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-howto.gif" alt="HowTo" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="200"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="200" summary=""> <tr> <td> -<em>``The solution of this problem is trivial - and is left as an exercise for the reader.''</em> +<em> +``The solution of this problem is trivial + and is left as an exercise for the reader.'' +</em> </td> </tr> <tr> @@ -245,7 +249,7 @@ Standard textbook cookie </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_howto.gfont000.gif" alt="H" width="40" height="34" border="0" align="left"> @@ -261,8 +265,8 @@ coherences. </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="300"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" width="300" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> 
@@ -291,22 +295,24 @@ coherences. </td> </tr> </table> -<H2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></H2> +<h2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></h2> <ul> <p> <li><a name="ToC2"></a> <a name="cipher-sslv2"></a> - <strong id="howto">How can I create a real SSLv2-only server?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#cipher-sslv2"><b>L</b></a>] + <strong id="howto"> +How can I create a real SSLv2-only server? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#cipher-sslv2"><b>L</b></a>] <p> The following creates an SSL server which speaks only the SSLv2 protocol and -it's ciphers. +its ciphers. <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -321,12 +327,16 @@ it's ciphers. <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + SSLProtocol -all +SSLv2 SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -339,16 +349,18 @@ SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP <p> <li><a name="ToC3"></a> <a name="cipher-strong"></a> - <strong id="howto">How can I create an SSL server which accepts strong encryption only?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#cipher-strong"><b>L</b></a>] + <strong id="howto"> +How can I create an SSL server which accepts strong encryption only? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#cipher-strong"><b>L</b></a>] <p> The following enables only the seven strongest ciphers: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -363,12 +375,16 @@ The following enables only the seven strongest ciphers: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + SSLProtocol all SSLCipherSuite HIGH:MEDIUM -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -381,9 +397,11 @@ SSLCipherSuite HIGH:MEDIUM <p> <li><a name="ToC4"></a> <a name="cipher-sgc"></a> - <strong id="howto">How can I create an SSL server which accepts strong encryption only, -but allows export browsers to upgrade to stronger encryption?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#cipher-sgc"><b>L</b></a>] + <strong id="howto"> +How can I create an SSL server which accepts strong encryption only, +but allows export browsers to upgrade to stronger encryption? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#cipher-sgc"><b>L</b></a>] <p> This facility is called Server Gated Cryptography (SGC) and details you can find in the <code>README.GlobalID</code> document in the mod_ssl distribution. @@ -397,11 +415,11 @@ encryption. Or in other words: Browser either have to initially connect with strong encryption or have to upgrade to strong encryption, but are not allowed to keep the export ciphers. The following does the trick: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> 
@@ -416,9 +434,11 @@ to keep the export ciphers. The following does the trick: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + # allow all ciphers for the inital handshake, # so export browsers can upgrade via SGC facility SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL @@ -426,7 +446,9 @@ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # but finally deny all browsers which haven't upgraded SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 </Directory> -</pre></td> + +</pre> +</td> </tr> </table> </td> @@ -439,9 +461,11 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 <p> <li><a name="ToC5"></a> <a name="cipher-perdir"></a> - <strong id="howto">How can I create an SSL server which accepts all types of ciphers in general, -but requires a strong ciphers for access to a particular URL?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#cipher-perdir"><b>L</b></a>] + <strong id="howto"> +How can I create an SSL server which accepts all types of ciphers in general, +but requires a strong ciphers for access to a particular URL? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#cipher-perdir"><b>L</b></a>] <p> Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which restricts the ciphers to the strong variants. But mod_ssl allows you to 
@@ -449,11 +473,11 @@ reconfigure the cipher suite in per-directory context and automatically forces a renegotiation of the SSL parameters to meet the new configuration. So, the solution is: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -468,16 +492,20 @@ solution is: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + # be liberal in general SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL <Location /strong/area> # but https://hostname/strong/area/ and below requires strong ciphers SSLCipherSuite HIGH:MEDIUM </Location> -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -488,14 +516,16 @@ SSLCipherSuite HIGH:MEDIUM </tr> </table> </ul> -<H2><a name="ToC6">Client Authentication and Access Control</a></H2> +<h2><a name="ToC6">Client Authentication and Access Control</a></h2> <ul> <p> <li><a name="ToC7"></a> <a name="auth-simple"></a> - <strong id="howto">How can I authenticate clients based on certificates when I know all my -clients?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#auth-simple"><b>L</b></a>] + <strong id="howto"> +How can I authenticate clients based on certificates when I know all my +clients? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#auth-simple"><b>L</b></a>] <p> When you know your user community (i.e. a closed user group situation), as it's the case for instance in an Intranet, you can use plain certificate @@ -503,11 +533,11 @@ authentication. All you have to do is to create client certificates signed by your own CA certificate <code>ca.crt</code> and then verifiy the clients against this certificate. <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> 
@@ -522,15 +552,19 @@ against this certificate. <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + # require a client certificate which has to be directly # signed by our CA certificate in ca.crt SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile conf/ssl.crt/ca.crt -</pre></td> + +</pre> +</td> </tr> </table> </td> @@ -543,17 +577,19 @@ SSLCACertificateFile conf/ssl.crt/ca.crt <p> <li><a name="ToC8"></a> <a name="auth-selective"></a> - <strong id="howto">How can I authenticate my clients for a particular URL based on certificates -but still allow arbitrary clients to access the remaining parts of the server?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#auth-selective"><b>L</b></a>] + <strong id="howto"> +How can I authenticate my clients for a particular URL based on certificates +but still allow arbitrary clients to access the remaining parts of the server? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#auth-selective"><b>L</b></a>] <p> For this we again use the per-directory reconfiguration feature of mod_ssl: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> 
@@ -568,16 +604,20 @@ For this we again use the per-directory reconfiguration feature of mod_ssl: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + SSLVerifyClient none SSLCACertificateFile conf/ssl.crt/ca.crt <Location /secure/area> SSLVerifyClient require SSLVerifyDepth 1 </Location> -</pre></td> + +</pre> +</td> </tr> </table> </td> @@ -590,10 +630,12 @@ SSLVerifyDepth 1 <p> <li><a name="ToC9"></a> <a name="auth-particular"></a> - <strong id="howto">How can I authenticate only particular clients for a some URLs based + <strong id="howto"> +How can I authenticate only particular clients for a some URLs based on certificates but still allow arbitrary clients to access the remaining -parts of the server?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#auth-particular"><b>L</b></a>] +parts of the server? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#auth-particular"><b>L</b></a>] <p> The key is to check for various ingredients of the client certficate. Usually this means to check the whole or part of the Distinguished Name (DN) of the 
@@ -607,11 +649,11 @@ DN. Then you can match them more easily. <p> The first method: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -626,9 +668,11 @@ The first method: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + SSLVerifyClient none <Directory /usr/local/apache/htdocs/secure/area> SSLVerifyClient require @@ -642,7 +686,9 @@ AuthType Basic AuthUserFile /usr/local/apache/conf/httpd.passwd require valid-user </Directory> -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -653,11 +699,11 @@ require valid-user </tr> </table> <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">/usr/local/apache/conf/httpd.passwd</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -672,13 +718,17 @@ require valid-user <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + /C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA /C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA /C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA -</pre></td> + +</pre> +</td> </tr> </table> </td> @@ -691,11 +741,11 @@ require valid-user <p> The second method: <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> 
@@ -710,9 +760,11 @@ The second method: <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + SSLVerifyClient none <Directory /usr/local/apache/htdocs/secure/area> SSLVerifyClient require @@ -724,7 +776,9 @@ SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \ %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} </Directory> -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -741,19 +795,20 @@ SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \ I require HTTPS with strong ciphers and either basic authentication or client certificates for access to a subarea on the Intranet website for clients coming from the Internet but still allow plain HTTP access for clients on the -Intranet?</strong> - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#auth-intranet"><b>L</b></a>] +Intranet? +</strong> + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#auth-intranet"><b>L</b></a>] <p> Let us assume the Intranet can be distinguished through the IP network 192.160.1.0/24 and the subarea on the Intranet website has the URL <tt>/subarea</tt>. Then configure the following outside your HTTPS virtual host (so it applies to both HTTPS and HTTP): <p> -<table border="0" cellpadding="0" cellspacing="0"> +<table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td> <td rowspan="3"> <font face="Arial,Helvetica" color="#999999">httpd.conf</font> </td> - <td colspan="2"> </td> + <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> </tr> <tr> <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> @@ -768,9 +823,11 @@ host (so it applies to both HTTPS and HTTP): <tr> <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td> <td colspan="3" bgcolor="#ffffff"> - <table border="0" cellspacing="4"> + <table border="0" cellspacing="4" summary=""> <tr> - <td><pre> + <td> +<pre> + <Directory /usr/local/apache/htdocs> # Outside the subarea only Intranet access is granted Order deny,allow 
@@ -811,7 +868,9 @@ AuthName "Protected Intranet Area" AuthUserFile conf/protected.passwd Require valid-user </Directory> -</pre></td> + +</pre> +</td> </tr> </table> </td> 
@@ -822,56 +881,18 @@ Require valid-user </tr> </table> </ul> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_compat.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Compatibility</font> +<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_faq.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - 
border="0" -></a><br><font color="#000000">F.A.Q. List</font> +<a href="ssl_faq.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">F.A.Q. List</font> </td> </tr> </table> @@ -881,7 +902,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml index 9d9a3799a7f..69c7d6ed5f9 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.wml 
@@ -54,33 +54,33 @@ coherences. </table> # container tag for layouting a question -<define-container howto> +<define-tag howto endtag=required> <preserve ref> <preserve toc> <set-var %attributes> <p> -<li><toc_h3 <get-var toc>></toc_h3> +<li><toc_h3 alt="<get-var toc>"></toc_h3> <a name="<get-var ref>"></a> <strong id="howto">%body</strong>\ - [<a href="http://www.modssl.org/docs/2.2/ssl_howto.html#<get-var ref>"><b>L</b></a>] + [<a href="http://www.modssl.org/docs/2.6/ssl_howto.html#<get-var ref>"><b>L</b></a>] <p> <restore toc> <restore ref> -</define-container> +</define-tag> -<define-container config> +<define-tag config endtag=required> <preserve file> <set-var %attributes> <ifeq "<get-var file>" "" <set-var file="httpd.conf">> -<box header="<font face=\"Arial,Helvetica\" color=\"#999999\"><get-var file></font>" +<box header="<font face="Arial,Helvetica" color="#999999"><get-var file></font>" bdwidth=1 bdcolor="#cccccc" bgcolor="#ffffff" fgcolor="#000000"> <pre> %body </pre> </box>\ <restore file> -</define-container> +</define-tag> <h2>Cipher Suites and Enforced Strong Security</h2> @@ -91,7 +91,7 @@ How can I create a real SSLv2-only server? </howto> The following creates an SSL server which speaks only the SSLv2 protocol and -it's ciphers. +its ciphers. <p> <config> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif Binary files differindex bcc618870d1..c64553fcbe7 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html index 22554ca704e..276ccdd0ced 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html 
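Review bot: The `howto` tag in ssl_howto.wml still expands to `<strong id="howto">%body</strong>` for every question, so the generated ssl_howto.html repeats the same `id` value once per entry. Duplicate ids are invalid HTML, which works against the markup clean-up this merge otherwise makes (`summary=""` on tables, lower-case tags). A class gives the same styling hook without the uniqueness requirement: `<strong class="howto">%body</strong>`. The stylesheet rule for this element is not visible in the hunk; if it selects on `#howto`, it would need to become `.howto` in the same change.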
@@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-2.gif" alt="2" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="ssl_overview.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Overview</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_reference.html" - 
onMouseOver="ro_imgOver('ro_img_next_top', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Reference</font> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-2.gif" alt="2" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" 
onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font> </td> </tr> </table> @@ -222,18 +224,20 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-intro.gif" alt="Introduction" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="400"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="400" summary=""> <tr> <td> -<em>``The nice thing about standards is that there are so many to choose from. +<em> +``The nice thing about standards is that there are so many to choose from. And if you really don't like all the standards you just have to wait another -year until the one arises you are looking for.''</em> +year until the one arises you are looking for.'' +</em> </td> </tr> <tr> @@ -246,7 +250,7 @@ A. Tanenbaum, ``Introduction to Computer Networks'' </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_intro.gfont000.gif" alt="A" width="37" height="35" border="0" align="left"> @@ -277,8 +281,8 @@ author). </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> 
@@ -316,13 +320,13 @@ author). </td> </tr> </table> -<H2><a name="ToC1">Cryptographic Techniques</a></H2> +<h2><a name="ToC1">Cryptographic Techniques</a></h2> Understanding SSL requires an understanding of cryptographic algorithms, message digest functions (aka. one-way or hash functions), and digital signatures. These techniques are the subject of entire books (see for instance [<a href="#AC96">AC96</a>]) and provide the basis for privacy, integrity, and authentication. -<H3><a name="ToC2">Cryptographic Algorithms</a></H3> +<h3><a name="ToC2">Cryptographic Algorithms</a></h3> Suppose Alice wants to send a message to her bank to transfer some money. Alice would like the message to be private, since it will include information such as her account number and transfer amount. One solution is to use a @@ -356,7 +360,7 @@ private key will be able to read it. In this way, Alice may send private messages to the owner of a key-pair (the bank), by encrypting it using their public key. Only the bank will be able to decrypt it. </ul> -<H3><a name="ToC3">Message Digests</a></H3> +<h3><a name="ToC3">Message Digests</a></h3> Although Alice may encrypt her message to make it private, there is still a concern that someone might modify her original message or substitute it with a different one, in order to transfer the money to themselves, for @@ -378,7 +382,7 @@ Another challenge that Alice faces is finding a way to send the digest to the bank securely; when this is achieved, the integrity of the associated message is assured. One way to to this is to include the digest in a digital signature. -<H3><a name="ToC4">Digital Signatures</a></H3> +<h3><a name="ToC4">Digital Signatures</a></h3> When Alice sends a message to the bank, the bank needs to ensure that the message is really from her, so an intruder does not request a transaction involving her account. A <em>digital signature</em>, created by Alice and 
@@ -396,7 +400,7 @@ To guard against interception and reuse of the signature by an intruder at a later date, the signature contains a unique sequence number. This protects the bank from a fraudulent claim from Alice that she did not send the message -- only she could have signed it (non-repudiation). -<H2><a name="ToC5">Certificates</a></H2> +<h2><a name="ToC5">Certificates</a></h2> Although Alice could have sent a private message to the bank, signed it, and ensured the integrity of the message, she still needs to be sure that she is really communicating with the bank. This means that she needs to be sure that @@ -409,7 +413,7 @@ the public key, and is signed by a trusted agency, then they both will be assured that they are communicating with whom they think they are. Such a trusted agency is called a <em>Certificate Authority</em>, and certificates are used for authentication. -<H3><a name="ToC6">Certificate Contents</a></H3> +<h3><a name="ToC6">Certificate Contents</a></h3> A certificate associates a public key with the real identity of an individual, server, or other entity, known as the subject. As shown in <a href="#table1">Table 1</a>, information about the subject includes identifying @@ -421,11 +425,12 @@ information for the Certificate Authority's use, such as a serial number. <p> <div align="center"> <a name="table1"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 1: Certificate Information</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table> <tr valign="top"><td><b>Subject:</b></td> <td>Distinguished Name, Public Key</td></tr> <tr valign="top"><td><b>Issuer:</b></td> 
@@ -436,7 +441,8 @@ information for the Certificate Authority's use, such as a serial number. <td>Version, Serial Number</td></TR> <tr><td><b>Extended Information:</b></td> <td>Basic Contraints, Netscape Flags, etc.</td></TR> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> @@ -450,11 +456,12 @@ names, and abbreviations used to refer to the fields <p> <div align="center"> <a name="table2"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 2: Distinguished Name Information</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table> <tr valign="top"><td><b>DN Field:</b></td><td><b>Abbrev.:</b></td><td><b>Description:</b></td> <td><b>Example:</b></td> </t> @@ -470,7 +477,8 @@ names, and abbreviations used to refer to the fields <td>Name is located in this State/Province</td><td>ST=Desert</td></tr> <tr valign="top"><td>Country</td><td>C</td> <td>Name is located in this Country (ISO code)</td><td>C=XZ</td></tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> 
@@ -495,12 +503,13 @@ begin and end delimiter lines as illustrated in <a href="#table3">Table 3</a>. <p> <div align="center"> <a name="table3"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 3: Example of a PEM-encoded certificate (snakeoil.crt)</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table cellspacing="0" cellpadding="0"><tr><td> -<DIV class="code"><pre> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table cellspacing="0" cellpadding="0" summary=""><tr><td> +<div class="code"><pre> -----BEGIN CERTIFICATE----- MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG 
@@ -519,24 +528,25 @@ gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt 2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7 dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ== -----END CERTIFICATE-----</pre></div> -</td></tr></table></td> +</td></tr></table> +</td> </tr></table> </td></tr></table> </div> -<H3><a name="ToC7">Certificate Authorities</a></H3> +<h3><a name="ToC7">Certificate Authorities</a></h3> By first verifying the information in a certificate request before granting the certificate, the Certificate Authority assures the identity of the private key owner of a key-pair. For instance, if Alice requests a personal certificate, the Certificate Authority must first make sure that Alice really is the person the certificate request claims. -<H4><a name="ToC8">Certificate Chains</a></H4> +<h4><a name="ToC8">Certificate Chains</a></h4> A Certificate Authority may also issue a certificate for another Certificate Authority. When examining a certificate, Alice may need to examine the certificate of the issuer, for each parent Certificate Authority, until reaching one which she has confidence in. She may decide to trust only certificates with a limited chain of issuers, to reduce her risk of a "bad" certificate in the chain. -<H4><a name="ToC9">Creating a Root-Level CA</a></H4> +<h4><a name="ToC9">Creating a Root-Level CA</a></h4> As noted earlier, each certificate requires an issuer to assert the validity of the identity of the certificate subject, up to the top-level Certificate Authority (CA). This presents a problem: Since this is who vouches for the 
@@ -560,7 +570,7 @@ Certificate Authorities. These companies provide the following services: It is also possible to create your own Certificate Authority. Although risky in the Internet environment, it may be useful within an Intranet where the organization can easily verify the identities of individuals and servers. -<H4><a name="ToC10">Certificate Management</a></H4> +<h4><a name="ToC10">Certificate Management</a></h4> Establishing a Certificate Authority is a responsibility which requires a solid administrative, technical, and management framework. Certificate Authorities not only issue certificates, they also manage them -- @@ -581,7 +591,7 @@ default, it is necessary to load the Certificate Authority certificate into the browser, enabling the browser to validate server certificates signed by that Certificate Authority. Doing so may be dangerous, since once loaded, the browser will accept all certificates signed by that Certificate Authority. -<H2><a name="ToC11">Secure Sockets Layer (SSL)</a></H2> +<h2><a name="ToC11">Secure Sockets Layer (SSL)</a></h2> The Secure Sockets Layer protocol is a protocol layer which may be placed between a reliable connection-oriented network layer protocol (e.g. TCP/IP) and the application protocol layer (e.g. HTTP). SSL provides for secure @@ -597,11 +607,12 @@ a protocol session. <p> <div align="center"> <a name="table4"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 4: Versions of the SSL protocol</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table> <tr valign="top"> <td><b>Version:</b></td> <td><b>Source:</b></td> 
@@ -633,7 +644,8 @@ a protocol session. block ciphers, message order standardization and more alert messages. </td> <td>- Lynx/2.8+OpenSSL</td> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> @@ -648,7 +660,7 @@ the intermediate issuers, since they are included in the certificate chain. SSL 3.0 is the basis for the Transport Layer Security [<A HREF="#TLS1">TLS</A>] protocol standard, currently in development by the Internet Engineering Task Force (IETF). -<H3><a name="ToC12">Session Establishment</a></H3> +<h3><a name="ToC12">Session Establishment</a></h3> The SSL session is established by following a <I>handshake sequence</I> between client and server, as shown in <a href="#figure1">Figure 1</a>. This sequence may vary, depending on whether the server is configured to provide a @@ -667,11 +679,13 @@ the cache of the server). <p> <div align="center"> <a name="figure1"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Figure 1: Simplified SSL Handshake Sequence</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><img src="ssl_intro_fig1.gif" alt="" width="423" height="327"></td> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<img src="ssl_intro_fig1.gif" alt="" width="423" height="327"> +</td> </tr></table> </td></tr></table> </div> 
@@ -695,7 +709,7 @@ following components: <li>Message Digest for creating the Message Authentication Code (MAC) </ul> These three elements are described in the sections that follow. -<H3><a name="ToC13">Key Exchange Method</a></H3> +<h3><a name="ToC13">Key Exchange Method</a></h3> The key exchange method defines how the shared secret symmetric cryptography key used for application data transfer will be agreed upon by client and server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of @@ -708,7 +722,7 @@ whether or not to use them, and if so, what kind of signatures to use. Signing with a private key provides assurance against a man-in-the-middle-attack during the information exchange used in generating the shared key [<a href="#AC96">AC96</a>, p516]. -<H3><a name="ToC14">Cipher for Data Transfer</a></H3> +<h3><a name="ToC14">Cipher for Data Transfer</a></h3> SSL uses the conventional cryptography algorithm (symmetric cryptography) described earlier for encrypting messages in a session. There are nine choices, including the choice to perform no encryption: @@ -736,7 +750,7 @@ ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea" is one of the best and cryptographically strongest available algorithms, and "RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>, ch13]. -<H3><a name="ToC15">Digest Function</a></H3> +<h3><a name="ToC15">Digest Function</a></h3> The choice of digest function determines how a digest is created from a record unit. SSL supports the following: <ul> @@ -747,7 +761,7 @@ unit. SSL supports the following: The message digest is used to create a Message Authentication Code (MAC) which is encrypted with the message to provide integrity and to prevent against replay attacks. -<H3><a name="ToC16">Handshake Sequence Protocol</a></H3> +<h3><a name="ToC16">Handshake Sequence Protocol</a></h3> The handshake sequence uses three protocols: <ul> <li>The <em>SSL Handshake Protocol</em> 
@@ -765,11 +779,13 @@ the underlying protocol. <p> <div align="center"> <a name="figure2"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Figure 2: SSL Protocol Stack</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><img src="ssl_intro_fig2.gif" alt="" width="428" height="217"></td> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<img src="ssl_intro_fig2.gif" alt="" width="428" height="217"> +</td> </tr></table> </td></tr></table> </div> @@ -779,7 +795,7 @@ if an active session is renegotiated the control protocols will be transmitted securely. If there were no session before, then the Null cipher suite is used, which means there is no encryption and messages have no integrity digests until the session has been established. -<H3><a name="ToC17">Data Transfer</a></H3> +<h3><a name="ToC17">Data Transfer</a></h3> The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to transfer application and SSL Control data between the client and server, possibly fragmenting this data into smaller units, or combining multiple 
@@ -790,22 +806,24 @@ implementations lack support for compression). <p> <div align="center"> <a name="figure3"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Figure 3: SSL Record Protocol</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><img src="ssl_intro_fig3.gif" alt="" width="423" height="323"></td> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<img src="ssl_intro_fig3.gif" alt="" width="423" height="323"> +</td> </tr></table> </td></tr></table> </div> -<H3><a name="ToC18">Securing HTTP Communication</a></H3> +<h3><a name="ToC18">Securing HTTP Communication</a></h3> One common use of SSL is to secure Web HTTP communication between a browser and a webserver. This case does not preclude the use of non-secured HTTP. The secure version is mainly plain HTTP over SSL (named HTTPS), but with one major difference: it uses the URL scheme <code>https</code> rather than <code>http</code> and a different server port (by default 443). This mainly is what mod_ssl provides to you for the Apache webserver... -<H2><a name="ToC19">References</a></H2> +<h2><a name="ToC19">References</a></h2> <ul> <p> <li><a name="AC96"></a> 
@@ -854,56 +872,18 @@ is what mod_ssl provides to you for the Apache webserver... href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt"> ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>. </ul> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_overview.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Overview</font> +<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_reference.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next page'); return true" - 
onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Reference</font> +<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font> </td> </tr> </table> @@ -913,7 +893,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html index 90e021ad7b0..4be14f77d9a 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html 
@@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-1.gif" alt="1" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="index.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Cover</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_intro.html" - onMouseOver="ro_imgOver('ro_img_next_top', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Introduction</font> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding 
the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-1.gif" alt="1" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" 
onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> </td> </tr> </table> @@ -222,18 +224,20 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-over.gif" alt="Preface" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="300"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="300" summary=""> <tr> <td> -<em>``Ralf Engelschall has released an +<em> +``Ralf Engelschall has released an excellent module that integrates -Apache and SSLeay.''</em> +Apache and SSLeay.'' +</em> </td> </tr> <tr> @@ -246,7 +250,7 @@ Tim J. Hudson, SSLeay F.A.Q. </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_overview.gfont000.gif" alt="T" width="34" height="34" border="0" align="left"> @@ -263,8 +267,8 @@ HREF="mailto:tjh@cryptsoft.com">Tim Hudson</A>. </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> @@ -314,7 +318,7 @@ The authors of neither Apache nor mod_ssl nor OpenSSL are liable for any violations you make here. <p> If you're not sure what law details apply to your country you're strongly -advises to first determine them by consulting an attorney before using this +advised to first determine them by consulting an attorney before using this module. A lot of hints you can find in the <a href="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">International Law Crypto Survey</a> which is a really comprehensive resource on this topic. At 
@@ -326,12 +330,13 @@ DSI's RSAref package and used for non-commercial purposes only. And inside France it's not allowed to use any cryptography at all when keys with more than 40 bits are used. <p> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" cellspacing="0" cellpadding="10" border="0"> +<table bgcolor="white" cellspacing="0" cellpadding="10" border="0" summary=""> <tr> -<td><font face="Arial,Helvetica"> +<td> +<font face="Arial,Helvetica"> This software package uses strong cryptography, so while it is created, maintained and distributed from Germany and Switzerland (where it is legal to do this), it falls under certain export/import and/or use restrictions in some @@ -354,7 +359,8 @@ This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project, software developed by Larry Wall and David MacKenzie for use in the GNU project of the FSF and software developed by Dr. Stephen N. Henson as a companion to OpenSSL. -</font></td> +</font> +</td> </tr> </table> </td> @@ -375,11 +381,13 @@ distribution. <p> <div align="center"> <a name="figure1"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Figure 1: Module Architecture</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><img src="ssl_overview_fig1.gif" alt="" width="382" height="281"></td> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<img src="ssl_overview_fig1.gif" alt="" width="382" height="281"> +</td> </tr></table> </td></tr></table> </div> 
@@ -424,56 +432,18 @@ of build-time. But notice that building mod_ssl as a DSO requires that your OS/compiler supports building DSOs in the first place, and additionally that they support linking of a DSO against a static library (libssl.a, libcrypo.a). Not all platform support this. - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="index.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Cover</font> +<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_intro.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next 
page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Introduction</font> +<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> </td> </tr> </table> @@ -483,7 +453,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.wml index 9b28c7a71f8..2f969e44438 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.wml @@ -88,7 +88,7 @@ violations you make here. <p> If you're not sure what law details apply to your country you're strongly -advises to first determine them by consulting an attorney before using this +advised to first determine them by consulting an attorney before using this module. A lot of hints you can find in the <a href="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">International Law Crypto Survey</a> which is a really comprehensive resource on this topic. At 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html index 3d0ea2169d3..0057ff3d1f3 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html @@ -127,47 +127,17 @@ H4 { font-style: normal; } --></style> -</head> -<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> -<div align="center"> -<table width="600" cellspacing="0" cellpadding="0" border="0"> -<tr> - <td> - <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> - <table width="600" cellspacing="0" cellpadding="0"> - <tr> - <td> - <table width="600"> - <tr> - <td align="left" valign="bottom"> - <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> - </td> - <td align="right"> - <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-3.gif" alt="3" width="74" height="89"> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> - </tr> - <tr> - <td> - <table width="600" border="0"> - <tr> - <td valign="top" align="left" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code function ro_imgNormal(imgName) { if (document.images) { - document[imgName].src = eval(imgName + "_n.src"); + document[imgName].src = eval(imgName + '_n.src'); self.status = ''; } } function ro_imgOver(imgName, descript) { if (document.images) { - document[imgName].src = eval(imgName + "_o.src"); + document[imgName].src = eval(imgName + '_o.src'); self.status = descript; } } 
@@ -177,44 +147,76 @@ function ro_imgOver(imgName, descript) { <!-- Hiding the code if (document.images) { ro_img_prev_top_n = new Image(); - ro_img_prev_top_n.src = "ssl_template.navbut-prev-n.gif"; + ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif'; ro_img_prev_top_o = new Image(); - ro_img_prev_top_o.src = "ssl_template.navbut-prev-s.gif"; + ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif'; +} +// done hiding --> +</script> +<script type="text/javascript" language="JavaScript"> +<!-- Hiding the code +if (document.images) { + ro_img_prev_bot_n = new Image(); + ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif'; + ro_img_prev_bot_o = new Image(); + ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif'; } // done hiding --> </script> -<a href="ssl_intro.html" - onMouseOver="ro_imgOver('ro_img_prev_top', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_top'); return true" -><img - name="ro_img_prev_top" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Introduction</font> - </td> - <td valign="top" align="right" width="250"> <script type="text/javascript" language="JavaScript"> <!-- Hiding the code if (document.images) { ro_img_next_top_n = new Image(); - ro_img_next_top_n.src = "ssl_template.navbut-next-n.gif"; + ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif'; ro_img_next_top_o = new Image(); - ro_img_next_top_o.src = "ssl_template.navbut-next-s.gif"; + ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif'; } // done hiding --> </script> -<a href="ssl_compat.html" - onMouseOver="ro_imgOver('ro_img_next_top', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_top'); return true" -><img - name="ro_img_next_top" - src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Compatibility</font> +<script type="text/javascript" language="JavaScript"> 
+<!-- Hiding the code +if (document.images) { + ro_img_next_bot_n = new Image(); + ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif'; + ro_img_next_bot_o = new Image(); + ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif'; +} +// done hiding --> +</script> +</head> +<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066"> +<div align="center"> +<table width="600" cellspacing="0" cellpadding="0" border="0" summary=""> +<tr> + <td> + <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br> + <table width="600" cellspacing="0" cellpadding="0" summary=""> + <tr> + <td> + <table width="600" summary=""> + <tr> + <td align="left" valign="bottom"> + <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font> + </td> + <td align="right"> + <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-3.gif" alt="3" width="74" height="89"> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> + </tr> + <tr> + <td> + <table width="600" border="0" summary=""> + <tr> + <td valign="top" align="left" width="250"> +<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> + </td> + <td valign="top" align="right" width="250"> +<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" 
onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font> </td> </tr> </table> @@ -222,17 +224,19 @@ if (document.images) { </tr> <tr> <td> - <br> + <br> <img src="ssl_template.title-ref.gif" alt="Reference" width="456" height="60"> </td> </tr> </table> -<DIV align="right"> -<table cellspacing="0" cellpadding="0" width="150"> +<div align="right"> +<table cellspacing="0" cellpadding="0" width="150" summary=""> <tr> <td> -<em>``Try to understand everything, -but believe nothing!''</em> +<em> +``Try to understand everything, +but believe nothing!'' +</em> </td> </tr> <tr> @@ -245,7 +249,7 @@ Unknown </table> </div> <p> -<table cellspacing="0" cellpadding="0" border="0"> +<table cellspacing="0" cellpadding="0" border="0" summary=""> <tr valign="bottom"> <td> <img src="ssl_reference.gfont000.gif" alt="T" width="34" height="34" border="0" align="left"> @@ -269,8 +273,8 @@ virtual host''), which can occur inside the server config files both outside </td> <td> -<DIV align="right"> -<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff"> +<div align="right"> +<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary=""> <tr> <td bgcolor="#333399"> <font face="Arial,Helvetica" color="#ccccff"> 
@@ -327,7 +331,7 @@ can also be used the in the global context. Additional directives and environment variables provided by mod_ssl (via on-the-fly mapping) for backward compatiblity to other Apache SSL solutions are documented in the <a href="ssl_compat.html">Compatibility</a> chapter. -<H1><a name="ToC1">Configuration Directives</a></H1> +<h1><a name="ToC1">Configuration Directives</a></h1> The most visible and error-prone things of mod_ssl are its configuration directives. So we document them in great detail here to assist you in setting up the best possible configuration of your SSL-aware webserver. @@ -335,14 +339,15 @@ up the best possible configuration of your SSL-aware webserver. <p> <br> <a name="SSLPassPhraseDialog"></a> -<H2><a name="ToC2">SSLPassPhraseDialog</a></H2> +<h2><a name="ToC2">SSLPassPhraseDialog</a></h2> <p> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLPassPhraseDialog</b></td></tr> <tr><td> @@ -375,7 +380,8 @@ up the best possible configuration of your SSL-aware webserver. href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -442,14 +448,15 @@ SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter <p> <br> <a name="SSLMutex"></a> -<H2><a name="ToC3">SSLMutex</a></H2> +<h2><a name="ToC3">SSLMutex</a></h2> <p> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLMutex</b></td></tr> <tr><td> @@ -482,7 +489,8 @@ SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -534,14 +542,15 @@ SSLMutex file:/usr/local/apache/logs/ssl_mutex <p> <br> <a name="SSLRandomSeed"></a> -<H2><a name="ToC4">SSLRandomSeed</a></H2> +<h2><a name="ToC4">SSLRandomSeed</a></h2> <p> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRandomSeed</b></td></tr> <tr><td> 
@@ -574,7 +583,8 @@ SSLMutex file:/usr/local/apache/logs/ssl_mutex href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -671,13 +681,14 @@ SSLRandomSeed connect file:/dev/urandom 1024 <p> <br> <a name="SSLSessionCache"></a> -<H2><a name="ToC5">SSLSessionCache</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC5">SSLSessionCache</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCache</b></td></tr> <tr><td> @@ -710,7 +721,8 @@ SSLRandomSeed connect file:/dev/urandom 1024 href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -762,13 +774,14 @@ SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000) <p> <br> <a name="SSLSessionCacheTimeout"></a> -<H2><a name="ToC6">SSLSessionCacheTimeout</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC6">SSLSessionCacheTimeout</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLSessionCacheTimeout</b></td></tr> <tr><td> @@ -801,7 +814,8 @@ SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000) href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -823,13 +837,14 @@ SSLSessionCacheTimeout 600 <p> <br> <a name="SSLEngine"></a> -<H2><a name="ToC7">SSLEngine</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC7">SSLEngine</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLEngine</b></td></tr> <tr><td> 
@@ -862,7 +877,8 @@ SSLSessionCacheTimeout 600 href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -887,13 +903,14 @@ SSLEngine on <p> <br> <a name="SSLProtocol"></a> -<H2><a name="ToC8">SSLProtocol</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC8">SSLProtocol</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLProtocol</b></td></tr> <tr><td> @@ -926,7 +943,8 @@ SSLEngine on href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.2 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -976,13 +994,14 @@ SSLProtocol all -SSLv2 <p> <br> <a name="SSLCipherSuite"></a> -<H2><a name="ToC9">SSLCipherSuite</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC9">SSLCipherSuite</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCipherSuite</b></td></tr> <tr><td> 
@@ -1015,7 +1034,8 @@ SSLProtocol all -SSLv2 href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1054,11 +1074,12 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <p> <div align="center"> <a name="table1"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 1: OpenSSL Cipher Specification Tags</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="D"><td><b>Tag</b></td> <td><b>Description</b></td> <tr id="H"><td colspan="2"><em>Key Exchange Algorithm:</em></td></tr> <tr id="D"><td><code>kRSA</code></td> <td>RSA key exchange</td></tr> @@ -1097,7 +1118,8 @@ specify the preference and order for the ciphers (see <a href="#table1">Table <tr id="D"><td><code>ADH</code></td> <td>all ciphers using Anonymous Diffie-Hellman key exchange</td> </tr> <tr id="H"><td><code>DSS</code></td> <td>all ciphers using DSS authentication</td> </tr> <tr id="D"><td><code>NULL</code></td> <td>all ciphers using no encryption</td> </tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> 
@@ -1147,11 +1169,12 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW <p> <div align="center"> <a name="table2"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 2: Particular SSL Ciphers</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="D"><td><b>Cipher-Tag</b></td> <td><b>Protocol</b></td> <td><b>Key Ex.</b></td> <td><b>Auth.</b></td> <td><b>Enc.</b></td> <td><b>MAC</b></td> <td><b>Type</b></td> </tr> <tr id="H"><td colspan="7"><em>RSA Ciphers:</em></td></tr> <tr id="D"><td><code>DES-CBC3-SHA</code></td> <td>SSLv3</td> <td>RSA</td> <td>RSA</td> <td>3DES(168)</td> <td>SHA1</td> <td> </td> </tr> @@ -1184,7 +1207,8 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW <tr id="H"><td><code>EXP-EDH-DSS-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>DSS</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr> <tr id="D"><td><code>EXP-ADH-DES-CBC-SHA</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>DES(40)</td> <td>SHA1</td> <td> export</td> </tr> <tr id="H"><td><code>EXP-ADH-RC4-MD5</code></td> <td>SSLv3</td> <td>DH(512)</td> <td>None</td> <td>RC4(40)</td> <td>MD5</td> <td> export</td> </tr> -</table></td> +</table> +</td> </tr></table> </td></tr></table> </div> 
@@ -1192,13 +1216,14 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW <p> <br> <a name="SSLCertificateFile"></a> -<H2><a name="ToC10">SSLCertificateFile</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC10">SSLCertificateFile</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateFile</b></td></tr> <tr><td> @@ -1231,7 +1256,8 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1255,13 +1281,14 @@ SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt <p> <br> <a name="SSLCertificateKeyFile"></a> -<H2><a name="ToC11">SSLCertificateKeyFile</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC11">SSLCertificateKeyFile</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateKeyFile</b></td></tr> <tr><td> 
@@ -1294,7 +1321,8 @@ SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1323,13 +1351,14 @@ SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key <p> <br> <a name="SSLCertificateChainFile"></a> -<H2><a name="ToC12">SSLCertificateChainFile</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC12">SSLCertificateChainFile</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCertificateChainFile</b></td></tr> <tr><td> @@ -1362,7 +1391,8 @@ SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3.6 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -1403,13 +1433,14 @@ SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt <p> <br> <a name="SSLCACertificatePath"></a> -<H2><a name="ToC13">SSLCACertificatePath</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC13">SSLCACertificatePath</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificatePath</b></td></tr> <tr><td> @@ -1442,7 +1473,8 @@ SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1470,13 +1502,14 @@ SSLCACertificatePath /usr/local/apache/conf/ssl.crt/ <p> <br> <a name="SSLCACertificateFile"></a> -<H2><a name="ToC14">SSLCACertificateFile</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC14">SSLCACertificateFile</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCACertificateFile</b></td></tr> <tr><td> 
@@ -1509,7 +1542,8 @@ SSLCACertificatePath /usr/local/apache/conf/ssl.crt/ href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1533,13 +1567,14 @@ SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt <p> <br> <a name="SSLCARevocationPath"></a> -<H2><a name="ToC15">SSLCARevocationPath</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC15">SSLCARevocationPath</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationPath</b></td></tr> <tr><td> @@ -1572,7 +1607,8 @@ SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -1600,13 +1636,14 @@ SSLCARevocationPath /usr/local/apache/conf/ssl.crl/ <p> <br> <a name="SSLCARevocationFile"></a> -<H2><a name="ToC16">SSLCARevocationFile</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC16">SSLCARevocationFile</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLCARevocationFile</b></td></tr> <tr><td> @@ -1639,7 +1676,8 @@ SSLCARevocationPath /usr/local/apache/conf/ssl.crl/ href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.3 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1663,13 +1701,14 @@ SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl <p> <br> <a name="SSLVerifyClient"></a> -<H2><a name="ToC17">SSLVerifyClient</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC17">SSLVerifyClient</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyClient</b></td></tr> <tr><td> 
@@ -1702,7 +1741,8 @@ SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1744,13 +1784,14 @@ SSLVerifyClient require <p> <br> <a name="SSLVerifyDepth"></a> -<H2><a name="ToC18">SSLVerifyDepth</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC18">SSLVerifyDepth</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLVerifyDepth</b></td></tr> <tr><td> @@ -1783,7 +1824,8 @@ SSLVerifyClient require href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -1816,13 +1858,14 @@ SSLVerifyDepth 10 <p> <br> <a name="SSLLog"></a> -<H2><a name="ToC19">SSLLog</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC19">SSLLog</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLog</b></td></tr> <tr><td> @@ -1855,7 +1898,8 @@ SSLVerifyDepth 10 href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -1883,13 +1927,14 @@ SSLLog /usr/local/apache/logs/ssl_engine_log <p> <br> <a name="SSLLogLevel"></a> -<H2><a name="ToC20">SSLLogLevel</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC20">SSLLogLevel</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLLogLevel</b></td></tr> <tr><td> @@ -1922,7 +1967,8 @@ SSLLog /usr/local/apache/logs/ssl_engine_log href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> 
@@ -1969,13 +2015,14 @@ SSLLogLevel warn <p> <br> <a name="SSLOptions"></a> -<H2><a name="ToC21">SSLOptions</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC21">SSLOptions</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLOptions</b></td></tr> <tr><td> @@ -2008,7 +2055,8 @@ SSLLogLevel warn href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -2107,13 +2155,14 @@ SSLOptions +FakeBasicAuth -StrictRequire <p> <br> <a name="SSLRequireSSL"></a> -<H2><a name="ToC22">SSLRequireSSL</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC22">SSLRequireSSL</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequireSSL</b></td></tr> <tr><td> 
@@ -2146,7 +2195,8 @@ SSLOptions +FakeBasicAuth -StrictRequire href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.0 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -2169,13 +2219,14 @@ SSLRequireSSL <p> <br> <a name="SSLRequire"></a> -<H2><a name="ToC23">SSLRequire</a></H2> -<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0"> +<h2><a name="ToC23">SSLRequire</a></h2> +<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary=""> <tr> <td> -<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0"> +<table bgcolor="white" width="600" cellspacing="0" cellpadding="5" border="0" summary=""> <tr> -<td><table cellspacing="0" cellpadding="1" border="0"> +<td> +<table cellspacing="0" cellpadding="1" border="0" summary=""> <tr><td> <font face="Arial,Helvetica"><b>Name:</b></font></a> </td><td> <b>SSLRequire</b></td></tr> <tr><td> @@ -2208,7 +2259,8 @@ SSLRequireSSL href="../directive-dict.html#Compatibility" rel="Help" ><font face="Arial,Helvetica"><b>Compatibility:</b></font></a> </td><td> mod_ssl 2.1 </td></tr> -</table></td> +</table> +</td> </tr> </table> </td> @@ -2285,11 +2337,12 @@ SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ </blockquote> <div align="center"> <a name="table3"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 3: Available Variables for SSLRequire</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table><tr><td> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table><tr><td> <em>Standard CGI/1.0 and Apache variables:</em> <pre> HTTP_USER_AGENT PATH_INFO AUTH_TYPE 
@@ -2346,15 +2399,16 @@ SSL_VERSION_INTERFACE SSL_CLIENT_S_DN_OU SSL_SERVER_S_DN_OU SSL_CLIENT_CERT_CHAIN<b>n</b> SSL_CLIENT_VERIFY </pre> -</td></tr></table></td> +</td></tr></table> +</td> </tr></table> </td></tr></table> </div> <br> <br> <p> -<H1><a name="ToC24">Additional Features</a></H1> -<H2><a name="ToC25">Environment Variables</a></H2> +<h1><a name="ToC24">Additional Features</a></h1> +<h2><a name="ToC25">Environment Variables</a></h2> This module provides a lot of SSL information as additional environment variables to the SSI and CGI namespace. The generated variables are listed in <a href="#table4">Table 4</a>. For backward compatibility the information can @@ -2364,11 +2418,12 @@ compatibility variables. <p> <div align="center"> <a name="table4"></a> -<table width="600" cellspacing="0" cellpadding="1" border="0"> +<table width="600" cellspacing="0" cellpadding="1" border="0" summary=""> <caption align="bottom" id="sf">Table 4: SSI/CGI Environment Variables</caption> <tr><td bgcolor="#cccccc"> -<table width="598" cellpadding="5" cellspacing="0" border="0"> -<tr><td valign="top" align="center" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="2" width="598"> +<table width="598" cellpadding="5" cellspacing="0" border="0" summary=""> +<tr><td valign="top" align="center" bgcolor="#ffffff"> +<table border="0" cellspacing="0" cellpadding="2" width="598" summary=""> <tr id="H"> <td><b>Variable Name:</b></td> <td><b>Value Type:</b></td> 
@@ -2409,13 +2464,14 @@ compatibility variables. <tr id="D"><td><code>SSL_SERVER_CERT</code></td> <td>string</td> <td>PEM-encoded server certificate</td></tr> </table> [ where <em>x509</em> is a component of a X.509 DN: - <code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code> ]</td> + <code>C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email</code> ] +</td> </tr></table> </td></tr></table> </div> <p> <br> -<H2><a name="ToC26">Custom Log Formats</a></H2> +<h2><a name="ToC26">Custom Log Formats</a></h2> When mod_ssl is built into Apache or at least loaded (under DSO situation) additional functions exist for the <a href="../mod_log_config.html#formats">Custom Log Format</a> of <a 
@@ -2436,56 +2492,18 @@ CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </pre> </blockquote> - <p> + <p> <br> <table> <tr> <td> - <table width="600" border="0"> + <table width="600" border="0" summary=""> <tr> <td valign="top" align="left" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_prev_bot_n = new Image(); - ro_img_prev_bot_n.src = "ssl_template.navbut-prev-n.gif"; - ro_img_prev_bot_o = new Image(); - ro_img_prev_bot_o.src = "ssl_template.navbut-prev-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_intro.html" - onMouseOver="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" - onMouseOut="ro_imgNormal('ro_img_prev_bot'); return true" -><img - name="ro_img_prev_bot" - src="ssl_template.navbut-prev-n.gif" - alt="previous page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Introduction</font> +<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font> </td> <td valign="top" align="right" width="250"> -<script type="text/javascript" language="JavaScript"> -<!-- Hiding the code -if (document.images) { - ro_img_next_bot_n = new Image(); - ro_img_next_bot_n.src = "ssl_template.navbut-next-n.gif"; - ro_img_next_bot_o = new Image(); - ro_img_next_bot_o.src = "ssl_template.navbut-next-s.gif"; -} -// done hiding --> -</script> -<a href="ssl_compat.html" - onMouseOver="ro_imgOver('ro_img_next_bot', 'next page'); return true" - onMouseOut="ro_imgNormal('ro_img_next_bot'); return true" -><img - name="ro_img_next_bot" - 
src="ssl_template.navbut-next-n.gif" - alt="next page" - width="70" height="18" - border="0" -></a><br><font color="#000000">Compatibility</font> +<a href="ssl_compat.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Compatibility</font> </td> </tr> </table> @@ -2495,7 +2513,7 @@ if (document.images) { <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td> </tr> <tr> - <td> <table width="598"> + <td><table width="598" summary=""> <tr> <td align="left"><font face="Arial,Helvetica"> <a href="http://www.modssl.org/">mod_ssl</a> 2.6, User Manual<br> diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc index 3529a504051..edb88dae743 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.inc @@ -148,7 +148,7 @@ H4 { <table width=600 cellspacing=0 cellpadding=0 border=0> <tr> <td> - <ifeq "$(tag)" "title" "" <prog + <ifeq "$(tag)" "title" "" " <imgdot height=1 width=600><br> <table width=600 cellspacing=0 cellpadding=0> <tr> @@ -160,13 +160,13 @@ H4 { <font face="Arial,Helvetica" size=+2><b>mod_ssl</b></font> </td> <td <ifeq "$(num)" "0" "align=left" "align=right">> - <ifeq "$(num)" "0" <prog + <ifeq "$(num)" "0" " <br> <img src="ssl_template.title-$(tag).gif" alt="$(title)"> - > <prog + " " <img src="ssl_template.head-chapter.gif" alt="Chapter"> \ <img src="ssl_template.head-num-$(num).gif" alt="$(num)"> - >> + "> </td> </tr> </table> 
@@ -183,10 +183,10 @@ H4 { <table width=600 border=0> <tr> <td valign=top align=left width=250>\ - <<NAVBUT_TOP_PREV>> + {#NAVBUT_TOP_PREV#} </td> <td valign=top align=right width=250>\ - <<NAVBUT_TOP_NEXT>> + {#NAVBUT_TOP_NEXT#} </td> </tr> </table> @@ -194,16 +194,16 @@ H4 { </tr> <tr> <td> - <ifeq "$(num)" "0" "" <prog + <ifeq "$(num)" "0" "" " <br> <img src="ssl_template.title-$(tag).gif" alt="$(title)"> - >> + "> </td> </tr> </table> - >> - <<BODY>> - <ifeq "$(tag)" "title" "" <prog + "> + {#BODY#} + <ifeq "$(tag)" "title" "" " <p> <br> <table> @@ -212,10 +212,10 @@ H4 { <table width=600 border=0> <tr> <td valign=top align=left width=250>\ - <<NAVBUT_BOT_PREV>> + {#NAVBUT_BOT_PREV#} </td> <td valign=top align=right width=250>\ - <<NAVBUT_BOT_NEXT>> + {#NAVBUT_BOT_NEXT#} </td> </tr> </table> @@ -228,7 +228,6 @@ H4 { </tr> <tr> <td>\ - <table width=598> <tr> <td align=left>\ @@ -246,37 +245,36 @@ H4 { </td> </tr> </table> - </td> </tr> </table> - >> + "> </td> </tr> </table> </center> -..BODY>> +{#BODY#: <define-tag page_prev> <preserve name> <preserve url> <set-var %attributes> -..NAVBUT_TOP_PREV>> +{#NAVBUT_TOP_PREV#: <rollover name="prev_top" src="ssl_template.navbut-prev-n.gif" oversrc="ssl_template.navbut-prev-s.gif" href="<get-var url>" alt="previous page" ><br><font color="#000000"><get-var name></font> -<<.. -..NAVBUT_BOT_PREV>> +:##} +{#NAVBUT_BOT_PREV#: <rollover name="prev_bot" src="ssl_template.navbut-prev-n.gif" oversrc="ssl_template.navbut-prev-s.gif" href="<get-var url>" alt="previous page" ><br><font color="#000000"><get-var name></font> -<<.. +:##} <restore url> <restore name> </define-tag> 
@@ -285,27 +283,27 @@ href="<get-var url>" alt="previous page" <preserve name> <preserve url> <set-var %attributes> -..NAVBUT_TOP_NEXT>> +{#NAVBUT_TOP_NEXT#: <rollover name="next_top" src="ssl_template.navbut-next-n.gif" oversrc="ssl_template.navbut-next-s.gif" href="<get-var url>" alt="next page" ><br><font color="#000000"><get-var name></font> -<<.. -..NAVBUT_BOT_NEXT>> +:##} +{#NAVBUT_BOT_NEXT#: <rollover name="next_bot" src="ssl_template.navbut-next-n.gif" oversrc="ssl_template.navbut-next-s.gif" href="<get-var url>" alt="next page" ><br><font color="#000000"><get-var name></font> -<<.. +:##} <restore url> <restore name> </define-tag> -<define-container float> +<define-tag float endtag=required> <preserve name> <preserve caption> <set-var %attributes> @@ -324,7 +322,7 @@ href="<get-var url>" alt="next page" </center> <restore caption> <restore name> -</define-container> +</define-tag> <define-tag directive> <preserve name> @@ -380,7 +378,7 @@ href="<get-var url>" alt="next page" <restore name> </define-tag> -<define-container quotation> +<define-tag quotation endtag=required> <preserve width> <preserve author> <set-var %attributes> @@ -391,7 +389,7 @@ href="<get-var url>" alt="next page" <em>%body</em> </td> </tr> -<ifeq "<get-var author>" "" "" <prog +<ifeq "<get-var author>" "" "" " <tr> <td align=right> <font size=-1> @@ -399,9 +397,9 @@ href="<get-var url>" alt="next page" </font> </td> </tr> ->> +"> </table> </div> <restore author> <restore width> -</define-container> +</define-tag> diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL index 8b7fb23ab27..36d648425ac 100644 --- a/usr.sbin/httpd/src/CHANGES.SSL +++ b/usr.sbin/httpd/src/CHANGES.SSL 
@@ -23,6 +23,25 @@ / __/ | (_) | __ |_____(_)___/____________________________________________ + Changes with mod_ssl 2.6.6 (04-Jul-2000 to 12-Aug-2000) + + *) Fixed experimental HTTPS proxy code: A segfault was + produced by an incorrect logging command. + + *) Fixed server restarts: Under non-DSO run-time situation, the + OpenSSL library was shutdown (and never re-initialized) and this + way caused segfaults on server restarts. This affected only + installations where mod_ssl+OpenSSL were built as a static module + instead of a DSO. This nasty bug was unfortunately introduced in + 2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix. + + *) Upgraded both the user manual sources and the website + www.modssl.org from WML 1.6 to WML 2.0 format. + + *) Various typo fixes in user manual. + + *) Typo fix in INSTALL document related to RSAref. + Changes with mod_ssl 2.6.5 (01-May-2000 to 04-Jul-2000) *) Removed more memory leaks by freeing even more stuff diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version index 0d0fce319b1..54a1790fc32 100644 --- a/usr.sbin/httpd/src/modules/ssl/libssl.version +++ b/usr.sbin/httpd/src/modules/ssl/libssl.version @@ -1 +1 @@ -mod_ssl/2.6.5-1.3.12 +mod_ssl/2.6.6-1.3.12 diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c index d2e538492d4..c995320d544 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c @@ -600,7 +600,8 @@ static int ssl_ext_mp_clientcert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) sc = mySrvConfig(s); pcerts = sc->skProxyClientCerts; - ssl_log(s, SSL_LOG_DEBUG, "Proxy client certificate callback: (%s) entered"); + ssl_log(s, SSL_LOG_DEBUG, + "Proxy client certificate callback: (%s) entered", servername); if ((pcerts == NULL) || (sk_X509_INFO_num(pcerts) <= 0)) { ssl_log(s, SSL_LOG_TRACE, 
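Review bot: The `ssl_log(s, SSL_LOG_DEBUG, ...)` call in ssl_ext_mp_clientcert_cb previously compiled with a `%s` and no matching argument, which suggests the ssl_log prototype carries no printf-format annotation (the declaration is not visible here). If that is the case, declaring it with `__attribute__((format(printf, 3, 4)))` on GCC builds would let the compiler reject this class of format/argument mismatch instead of leaving it to a runtime crash. Nothing in the hunk shows whether `servername` can be NULL here, so if it can be unset I would pass `servername != NULL ? servername : "(unknown)"` rather than rely on how the formatter handles a null `%s`. The function body starts and ends outside the hunk.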
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 1baf203680d..e5b21a0b0c3 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1030,9 +1030,11 @@ void ssl_init_ModuleKill(void *data)
 /*
 * Try to kill the internals of the SSL library.
 */
+#ifdef SHARED_MODULE
 ERR_free_strings();
 ERR_remove_state(0);
 EVP_cleanup();
+#endif
 return;
 }
|
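Review bot: The new `#ifdef SHARED_MODULE` around `ERR_free_strings()`, `ERR_remove_state(0)` and `EVP_cleanup()` carries no comment explaining why the cleanup is skipped in static builds, and the existing comment "Try to kill the internals of the SSL library" now reads as if the teardown always runs. The CHANGES.SSL entry in this same commit gives the reason: in a non-DSO build the library was shut down and never re-initialized, which caused segfaults on server restart. I would record that next to the guard, for example `/* static build: OpenSSL is not re-initialized on restart, so it must stay initialized here */`, so a later leak cleanup does not remove the guard again. ssl_init_ModuleKill begins outside the hunk.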