--- /dev/null
+LoadModule ssl_module lib/apache/libssl.so
+AddModule mod_ssl.c
+
+##--------------------------------------------------------------------------
+## Add additional SSL configuration directives which provide a
+## robust default configuration: virtual server on port 443
+## which speaks SSL.
+##--------------------------------------------------------------------------
+##
+## SSL Support
+##
+## When we also provide SSL we have to listen to the
+## standard HTTP port (see above) and to the HTTPS port
+##
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First either `none'
+# or `dbm:/path/to/file' for the mechanism to use and
+# second the expiring timeout (in seconds).
+#SSLSessionCache none
+#SSLSessionCache dbm:logs/ssl_scache
+SSLSessionCache shm:/var/run/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual explusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:/var/run/ssl_mutex
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+# Logging:
+# The home of the dedicated SSL protocol logfile. Errors are
+# additionally duplicated in the general error log file. Put
+# this somewhere where it cannot be used for symlink attacks on
+# a real server (i.e. somewhere where only root can write).
+# Log levels are (ascending order: higher ones include lower ones):
+# none, error, warn, info, trace, debug.
+SSLLog /var/log/httpd/ssl_engine_log
+SSLLogLevel info
+
+<VirtualHost _default_:443>
+SSLEngine on
+#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCertificateFile /etc/httpd/server.crt
+SSLCertificateKeyFile /etc/httpd/server.key
+#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
+#SSLCACertificatePath /etc/httpd/conf/ssl.crt
+#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
+#SSLCARevocationPath /etc/httpd/conf/ssl.crl
+#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars
+</Files>
+<Directory "/home/httpd/html/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+CustomLog /var/log/httpd/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+++ /dev/null
-%define SSLVER 2.8.4
-%define APACHEVER 1.3.20
-Summary: An SSL module for the Apache Web server
-Summary(de): SSL-Modul fuer den Apache-Webserver
-Summary(fr): Un module SSL pour le serveur Web Apache
-Summary(pl): Modu³ SSL dla webserwera Apache
-Name: apache-mod_ssl
-Version: %{SSLVER}_%{APACHEVER}
-Release: 1
-License: BSD
-Group: Networking/Daemons
-Group(de): Netzwerkwesen/Server
-Group(pl): Sieciowe/Serwery
-Source0: http://www.modssl.org/source/mod_ssl-%{SSLVER}-%{APACHEVER}.tar.gz
-Source1: %{name}.conf
-Source2: %{name}-server.crt
-Source3: %{name}-server.key
-Source4: %{name}-sxnet.html
-Source5: %{name}.logrotate
-Patch1: mod_ssl-cca-openssl-path.patch
-Patch2: mod_ssl-db3.patch
-URL: http://www.modssl.org/
-BuildRequires: apache(EAPI)-devel = %{APACHEVER}
-BuildRequires: openssl-devel >= 0.9.6a
-BuildRequires: openssl-tools >= 0.9.6a
-BuildRequires: db3-devel
-BuildRequires: apache(EAPI)-devel = %{APACHEVER}
-Requires: apache(EAPI) >= %{APACHEVER}
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
-
-%define _pkglibdir %(%{_sbindir}/apxs -q LIBEXECDIR)
-
-%description
-The mod_ssl project provides strong cryptography for the Apache 1.3
-webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer
-Security (TLS v1) protocols by the help of the Open Source SSL/TLS
-toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim
-J. Hudson.
-
-The mod_ssl package was created in April 1998 by Ralf S. Engelschall
-and was originally derived from software developed by Ben Laurie for
-use in the Apache-SSL HTTP server project. The mod_ssl package is
-licensed under a BSD-style licence, which basically means that you are
-free to get and use it for commercial and non-commercial purposes.
-
-%description -l de
-Das mod_ssl-Projekt stellt kryptographie für den Apache 1.3-Webserver
-über Secure Sockets Layer (SSL v2/v3) und Transport Layer Security
-(TLS v1)-Protokolle zur Verfügung. Dazu wird das Open Source
-SSL/TLS-Toolkit OpenSSL, das auf SSLeay basiert, verwendet.
-
-%description -l fr
-Le projet mod_ssl fournit de la forte cryptographie pour le serveur
-web Apache 1.3 via les protocoles Secure Sockets Layer (SSL v2/v3) et
-Transport Layer Security (TLS v1) avec l'aide du kit d'outils Open
-Source SSL/TLS, OpenSSL, base sur SSLeay d'Eric A. Young et Tim J.
-Hudson.
-
-%description -l pl
-Projekt mod_ssl ma za zadanie zapewniæ serwerowi www Apache 1.3 wysoki
-poziom szyfrowania dziêki protoko³om Secure Sockets Layer (SSL v2/v3)
-i Transport Layer Security (TLS v1) przy pomocy pakiety narzêdziowego
-Open Source SSL/TSL -- OpenSSL, stworzonego na podstawie SSLeay Erica
-A.Younga i Tima J.Hudsona.
-
-%package -n apache-mod_sxnet
-Summary: Strong Extranet module for mod_ssl and apache
-Summary(fr): Module d'Extranet Fort pour Apache et mod_ssl
-Summary(pl): Modu³ Strong Extranet dla pakietu mod_ssl i webserwera Apache
-Group: Networking/Daemons
-Group(de): Netzwerkwesen/Server
-Group(pl): Sieciowe/Serwery
-Requires: apache(EAPI) >= %{APACHEVER}
-
-%description -n apache-mod_sxnet
-The Strong Extranet allows you to use digital certificates to
-authenticate users on your web server. Typically, your users enroll in
-your Strong Extranet, under your control, through the Thawte Personal
-Cert System.
-
-%description -l fr -n apache-mod_sxnet
-L'Extranet Fort vous permet d'utiliser des certificats numeriques pour
-authentifier les usagers sur votre serveur web. Typiquement, vos
-usagers s'enrolent dans votre Extranet Fort, sous votre controle, a
-travers le Thawte Personal Cert System.
-
-%description -l pl -n apache-mod_sxnet
-Pakiet Strong Extranet umo¿liwia u¿ywanie cyfrowych certyfikatów dla
-uwierzytleniania u¿ytkowników serwera www. Zwykle u¿ytkownicy
-rejestruj± siê pod opiek± administratora poprzez Thawte Personal Cert
-System.
-
-%prep
-%setup -q -n mod_ssl-%{SSLVER}-%{APACHEVER}
-%patch1 -p1
-%patch2 -p1
-
-%build
-SSL_BASE=SYSTEM
-export SSL_BASE
-%configure \
- --with-apxs=%{_sbindir}/apxs \
- --enable-shared=ssl \
- --with-ssl=%{_prefix}
-%{__make}
-
-cd pkg.contrib
-tar xvf sxnet.tar
-cd sxnet
-/usr/sbin/apxs -I%{_includedir}/openssl/ -L%{_libdir} -l ssl -l crypto -c mod_sxnet.c
-
-%install
-rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_libdir}/mod_ssl,%{_pkglibdir}} \
- $RPM_BUILD_ROOT%{_sysconfdir}/httpd \
- $RPM_BUILD_ROOT/etc/logrotate.d
-
-install pkg.sslmod/libssl.so $RPM_BUILD_ROOT%{_pkglibdir}
-install pkg.contrib/sxnet/mod_sxnet.so $RPM_BUILD_ROOT%{_pkglibdir}
-
-install pkg.contrib/*.sh $RPM_BUILD_ROOT%{_libdir}/mod_ssl
-install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/mod_ssl.conf
-install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/server.crt
-install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/server.key
-install %{SOURCE5} $RPM_BUILD_ROOT/etc/logrotate.d/apache-mod_ssl
-
-mv -f pkg.ssldoc ssl-doc
-
-install %{SOURCE4} sxnet.html
-
-gzip -9nf ANNOUNCE CHANGES CREDITS NEWS README*
-
-%post
-if [ -f %{_sysconfdir}/httpd/httpd.conf ] && \
- ! grep -q "^Include.*/mod_ssl.conf" %{_sysconfdir}/httpd/httpd.conf; then
- echo "Include /etc/httpd/mod_ssl.conf" >> %{_sysconfdir}/httpd/httpd.conf
-fi
-if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
-else
- echo "Run \"/etc/rc.d/init.d/httpd start\" to start apache http daemon."
-fi
-
-%preun
-if [ "$1" = "0" ]; then
- grep -E -v "^Include.*mod_ssl.conf" %{_sysconfdir}/httpd/httpd.conf > \
- %{_sysconfdir}/httpd/httpd.conf.tmp
- mv -f %{_sysconfdir}/httpd/httpd.conf.tmp %{_sysconfdir}/httpd/httpd.conf
- if [ -f /var/lock/subsys/httpd ]; then
- /etc/rc.d/init.d/httpd restart 1>&2
- fi
-fi
-
-%files
-%defattr(644,root,root,755)
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/mod_ssl.conf
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/server.crt
-%attr(640,root,root) %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/httpd/server.key
-%attr(640,root,root) %config(noreplace) /etc/logrotate.d/*
-%doc *.gz
-%doc ssl-doc
-
-%attr(755,root,root) %{_pkglibdir}/libssl.so
-
-%dir %{_libdir}/mod_ssl
-%attr(755,root,root) %{_libdir}/mod_ssl/*.sh
-
-%files -n apache-mod_sxnet
-%defattr(644,root,root,755)
-%attr(755,root,root) %{_pkglibdir}/mod_sxnet.so
-%doc sxnet.html
-
-%clean
-rm -rf $RPM_BUILD_ROOT
projects / packages / apache1-mod_ssl.git / commitdiff