SourceFiles.org - Use the Source, Luke
Home | Register | News | Forums | Guide | MyLinks | Bookmark

Related Sites

Latest News
  General News
  Reviews
  Press Releases
  Software
  Hardware
  Security
  Tutorials
  Off Topic


Back to files

README for Apache-SSL/1.3.33 Ben-SSL/1.56

(C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Ben Laurie <ben@algroup.co.uk> (https://www.apache-ssl.org/)

These patches interface Apache to OpenSSL.

For further information on Apache see: 

        http://www.apache.org
        "Apache: The Definitive Guide" published by O'Reilly
                (http://www.ora.com).

For further information on OpenSSL see:

http://www.openssl.org/

REMEMBER export and/or import of crypto software or crypto hooks is illegal in many parts of the world.

Prerequisites

Apache 1.3.33
OpenSSL 0.9.7d or later
patch 2.1 or 2.5

Files

ben.pgp.key.asc                 My PGP public key
EXTRAS.SSL                      Documentation on extra features
LICENCE.SSL                     A copy of the Apache-SSL licence
README.SSL                      This file
SECURITY                        Some thoughts about SSL and security
SSLpatch                        A patch file to be applied to the Apache source
src/modules/ssl/*               Extra module for Apache
SSLconf/conf/access.conf        Empty (required by Apache)
SSLconf/conf/httpd.conf         Example configuration
SSLconf/conf/srm.conf           Empty (required by Apache)
SSLconf/conf/mime.types         A copy of the the sample mime.types (required)
md5sums                         MD5 checksums of all files (using md5sum)
md5sums.asc                     My detached signature of md5sums

Installation

  1. Get hold of OpenSSL (from the sites mentioned above), and compile it.
  2. Get hold of Apache 1.3.33 (from ftp://www.apache.org/apache/dist).
  3. Unpack it.
  4. do "cd apache_1.3.33"
  5. Unpack this distribution.
  6. (Optional) Run the FixPatch script to try to fix up the OpenSSL paths in the patch. If you choose not to do this, you'll need to do some extra work in step
  7. This step is only optional because its new and I'm waiting for feedback before eliminating the old methods.
  8. do "patch -p1 < SSLpatch" (if you chose not to run FixPatch).
  9. Proceed with standard Apache configuration. Note that you'll need to set SSL_* in src/Configuration to appropriate values, unless you did step 6. If you point to the SSLeay source tree, then you'll only need to set SSL_BASE.
  10. Look at the (very brief) example configuration in SSLconf (yes, access.conf and srm.conf are supposed to be empty).
  11. Make yourself a test certificate by doing "cd src; make certificate".
  12. Before using this server for anything serious, read the file SECURITY.
  13. Have fun!
  14. Email any patches/suggestions to the address above PAYING CLOSE ATTENTION TO ANY APPLICABLE EXPORT/IMPORT LAWS.
  15. If this software doesn't do what you want, and you can't or won't fix it yourself, I am available for hire. Send me email outlining what you want and I will quote.

Starting Apache-SSL

In general, starting Apache-SSL is just like starting Apache, except the executable is called httpsd instead of httpd. It used to be that you had to add a sleep after firing up Apache-SSL. THIS IS NO LONGER TRUE.

If you change a private key file, it is necessary to restart Apache-SSL from scratch - the key caching will otherwise cause the old version to be reused.

CGI Environment Variables

Name                    Value           Desc
----                    _____           ----
HTTPS                   on              HTTPS is being used.
HTTPS_CIPHER            <string>        SSL/TLS cipherspec
SSL_CIPHER              <string>        The same as HTTPS_CIPHER
SSL_PROTOCOL_VERSION    <string>        ?       
SSL_SSLEAY_VERSION      <string>        ?
HTTPS_KEYSIZE           <number>        Number of bits in the session key
HTTPS_SECRETKEYSIZE     <number>        Number of bits in the secret key
SSL_CLIENT_DN           <string>        DN in client's certificate
SSL_CLIENT_<x509>       <string>        Component of client's DN
SSL_CLIENT_I_DN         <string>        DN of issuer of client's certificate
SSL_CLIENT_I_<x509>     <string>        Component of client's issuer's DN
SSL_SERVER_DN           <string>        DN in server's certificate
SSL_SERVER_<x509>       <string>        Component of server's DN
SSL_SERVER_I_DN         <string>        DN of issuer of server's certificate
SSL_SERVER_I_<x509>     <string>        Component of server's issuer's DN
SSL_CLIENT_CERT         <string>        Base64 encoding of client cert
SSL_CLIENT_CERT_CHAIN_n <string>        Base64 encoding of client cert chain

where <x509> is a component of an X509 DN.

Derived Works

I have been asked what to do about the version string for derived works. The comment above the version string in httpd.h spells it out pretty clearly, but, to reiterate, any derived work's version string should include "Apache/x.y.z" and "Ben-SSL/x.y" in it.

Compatibility

This version tested only with Netscape 4.7 on Windows NT.

Credits

Thanks to The Apache Group and the NCSA, for Apache, to Eric Young and Tim Hudson, for SSLeay, and to Baroness Camilla von Massenbach, for putting up with me.

Thanks to Brad Eacker (beacker@beakman.cks.com) for providing a port from Apache-SSL 1.1.3+1.3 to Apache 1.2b8.

Ben Laurie is Technical Director of A.L. Digital Ltd., London, England, who generously support the development of Apache-SSL.

See http://www.algroup.co.uk/

Sponsorship

1.2.5+1.13 was sponsored by Virgin Music Group.


Other Sites

Discussion Groups
  Beginners
  Distributions
  Networking / Security
  Software
  PDAs

About | FAQ | Privacy | Awards | Contact
Comments to the webmaster are welcome.
Copyright 2006 Sourcefiles.org All rights reserved.