diff -C3 -r ../apache_1.2.5/src/Configuration ./src/Configuration
*** ../apache_1.2.5/src/Configuration	Mon Jan  5 23:23:43 1998
--- ./src/Configuration	Sun Mar 15 14:52:36 1998
***************
*** 41,47 ****
  # Settings here have priority; If not set, Configure will attempt to guess
  # the C compiler, and set OPTIM to '-O2'
  #
! EXTRA_CFLAGS=
  EXTRA_LFLAGS=
  EXTRA_LIBS=
  EXTRA_INCLUDES=
--- 41,47 ----
  # Settings here have priority; If not set, Configure will attempt to guess
  # the C compiler, and set OPTIM to '-O2'
  #
! EXTRA_CFLAGS=-w3 -g
  EXTRA_LFLAGS=
  EXTRA_LIBS=
  EXTRA_INCLUDES=
***************
*** 50,55 ****
--- 50,69 ----
  #OPTIM=-O2
  #RANLIB=
  
+ TARGET=httpsd
+ 
+ #
+ # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+ # installed version. This is because the paths differ between the source and
+ # the installed version.
+ #
+ SSL_BASE= /u/ben/work/scuzzy-ssleay8
+ SSL_INCLUDE= -I$(SSL_BASE)/include
+ SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE)
+ SSL_LIB_DIR= $(SSL_BASE)
+ SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+ SSL_APP_DIR= $(SSL_BASE)/apps
+ 
  ################################################################
  # Rules configuration
  #
***************
*** 200,206 ****
  ## NOTE: You do not want this module UNLESS you are running a proxy;
  ##       it is not needed for normal (origin server) operation.
  
! # Module proxy_module        modules/proxy/libproxy.a
  
  ## The Alias module provides simple URL translation and redirection.
  
--- 214,220 ----
  ## NOTE: You do not want this module UNLESS you are running a proxy;
  ##       it is not needed for normal (origin server) operation.
  
! Module proxy_module        modules/proxy/libproxy.a
  
  ## The Alias module provides simple URL translation and redirection.
  
***************
*** 209,215 ****
  ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping,
  ## using regular expressions.
  
! # Module rewrite_module      mod_rewrite.o
  
  ##
  ## Access control and authentication modules. 
--- 223,229 ----
  ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping,
  ## using regular expressions.
  
! Module rewrite_module      mod_rewrite.o
  
  ##
  ## Access control and authentication modules. 
***************
*** 220,226 ****
  ## The anon_auth module allows for anonymous-FTP-style username/ 
  ## password authentication.
  
! # Module anon_auth_module    mod_auth_anon.o
  
  ## db_auth and dbm_auth work with Berkeley DB files - make sure there
  ## is support for DBM files on your system.  You may need to grab the GNU
--- 234,240 ----
  ## The anon_auth module allows for anonymous-FTP-style username/ 
  ## password authentication.
  
! Module anon_auth_module    mod_auth_anon.o
  
  ## db_auth and dbm_auth work with Berkeley DB files - make sure there
  ## is support for DBM files on your system.  You may need to grab the GNU
***************
*** 228,234 ****
  ## done by Configure at a later date)
  
  # Module db_auth_module      mod_auth_db.o
! # Module dbm_auth_module     mod_auth_dbm.o
  
  ## msql_auth checks against an mSQL database.  You must have mSQL installed
  ## and an "msql.h" available for this to even compile.  Additionally,
--- 242,248 ----
  ## done by Configure at a later date)
  
  # Module db_auth_module      mod_auth_db.o
! Module dbm_auth_module     mod_auth_dbm.o
  
  ## msql_auth checks against an mSQL database.  You must have mSQL installed
  ## and an "msql.h" available for this to even compile.  Additionally,
***************
*** 244,267 ****
  ## "digest" implements HTTP Digest Authentication rather than the less 
  ## secure Basic Auth used by the other modules.
  
! # Module digest_module       mod_digest.o
  
  ## Optional response header manipulation modules. 
  ##
  ## cern_meta mimics the behavior of the CERN web server with regards to 
  ## metainformation files.  
  
! # Module cern_meta_module    mod_cern_meta.o
  
  ## The expires module can apply Expires: headers to resources,
  ## as a function of access time or modification time.
  
! # Module expires_module      mod_expires.o
  
  ## The headers module can set arbitrary HTTP response headers,
  ## as configured in server, vhost, access.conf or .htaccess configs
  
! # Module headers_module      mod_headers.o
  
  ## Miscellaneous modules
  ##
--- 258,285 ----
  ## "digest" implements HTTP Digest Authentication rather than the less 
  ## secure Basic Auth used by the other modules.
  
! Module digest_module       mod_digest.o
  
  ## Optional response header manipulation modules. 
  ##
  ## cern_meta mimics the behavior of the CERN web server with regards to 
  ## metainformation files.  
  
! Module cern_meta_module    mod_cern_meta.o
  
  ## The expires module can apply Expires: headers to resources,
  ## as a function of access time or modification time.
  
! Module expires_module      mod_expires.o
  
  ## The headers module can set arbitrary HTTP response headers,
  ## as configured in server, vhost, access.conf or .htaccess configs
  
! Module headers_module      mod_headers.o
! 
! # Damn damn damn. Apache inverts the module list. SSL must go first to fake
! # basic authorization. So, uncomment this line to add SSL.
! Module ssl_module apache_ssl.o
  
  ## Miscellaneous modules
  ##
***************
*** 273,279 ****
  ## You do not need this, or any other module to allow your site
  ## to use Cookies.  This module is for user tracking only
  
! # Module usertrack_module      mod_usertrack.o
  
  ## The example module, which demonstrates the use of the API.  See
  ## the file modules/example/README for details.  This module should
--- 291,297 ----
  ## You do not need this, or any other module to allow your site
  ## to use Cookies.  This module is for user tracking only
  
! Module usertrack_module      mod_usertrack.o
  
  ## The example module, which demonstrates the use of the API.  See
  ## the file modules/example/README for details.  This module should
diff -C3 -r ../apache_1.2.5/src/Configuration.tmpl ./src/Configuration.tmpl
*** ../apache_1.2.5/src/Configuration.tmpl	Wed Oct 22 00:18:43 1997
--- ./src/Configuration.tmpl	Sat Jan 10 11:59:07 1998
***************
*** 50,55 ****
--- 50,67 ----
  #OPTIM=-O2
  #RANLIB=
  
+ TARGET=httpsd
+ 
+ #
+ # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+ # installed version.
+ #
+ SSL_BASE=/u/ben/work/scuzzy-ssleay6
+ SSL_INCLUDE= -I$(SSL_BASE)/include
+ SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE)
+ SSL_LIB_DIR= $(SSL_BASE)
+ SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+ 
  ################################################################
  # Rules configuration
  #
***************
*** 262,267 ****
--- 274,283 ----
  ## as configured in server, vhost, access.conf or .htaccess configs
  
  # Module headers_module      mod_headers.o
+ 
+ # Damn damn damn. Apache inverts the module list. SSL must go first to fake
+ # basic authorization. So, uncomment this line to add SSL.
+ Module ssl_module apache_ssl.o
  
  ## Miscellaneous modules
  ##
diff -C3 -r ../apache_1.2.5/src/Makefile.tmpl ./src/Makefile.tmpl
*** ../apache_1.2.5/src/Makefile.tmpl	Tue Jul  1 01:33:31 1997
--- ./src/Makefile.tmpl	Sun Mar 15 14:52:34 1998
***************
*** 11,22 ****
  OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \
    http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\
    md5c.o util_md5.o explain.o http_bprintf.o util_date.o util_snprintf.o\
    $(MODULES)
  
  .c.o:
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
! 
! all: @@Configuration@@ httpd
  
  @@Configuration@@: Configuration.tmpl
  	@echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist."
--- 11,22 ----
  OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \
    http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\
    md5c.o util_md5.o explain.o http_bprintf.o util_date.o util_snprintf.o\
+   gcacheclient.o gcachecommon.o\
    $(MODULES)
  
  .c.o:
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $(SSL_CFLAGS) $<
! all: @@Configuration@@ $(TARGET) gcache
  
  @@Configuration@@: Configuration.tmpl
  	@echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist."
***************
*** 28,42 ****
  httpd: $(REGLIB) $(OBJS)
  	$(CC) $(LFLAGS)  -o httpd $(OBJS) $(REGLIB) $(LIBS)
  
  regex/libregex.a:
  	(cd regex; $(MAKE) lib CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  modules/last-built:
  	(cd modules; \
! 	$(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  clean:
! 	rm -f httpd *.o core
  	cd regex; $(MAKE) clean
  	cd modules; $(MAKE) clean
  
--- 28,61 ----
  httpd: $(REGLIB) $(OBJS)
  	$(CC) $(LFLAGS)  -o httpd $(OBJS) $(REGLIB) $(LIBS)
  
+ httpsd: $(REGLIB) $(OBJS)
+ 	$(CC) $(LFLAGS) -o httpsd $(OBJS) $(REGLIB) $(SSL_LIBS) $(LIBS)
+ 
+ gcache.o gcachecommon.o gcacheclient.o apache_ssl.o: gcache.h
+ 
+ gcache: gcache.o gcachecommon.o
+ 	$(CC) $(LFLAGS) -o gcache gcache.o gcachecommon.o $(LIBS)
+ 
+ certificate:
+ 	$(SSL_APP_DIR)/ssleay req -config $(SSL_APP_DIR)/ssleay.cnf \
+ 	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+ 	-keyout ../SSLconf/conf/httpsd.pem; \
+ 	ln -sf ../SSLconf/conf/httpsd.pem ../SSLconf/conf/`$(SSL_APP_DIR)/ssleay \
+ 	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
+ 
  regex/libregex.a:
  	(cd regex; $(MAKE) lib CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  modules/last-built:
  	(cd modules; \
! 	$(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' \
! 	SSL_BASE='$(SSL_BASE)' SSL_INCLUDE='$(SSL_INCLUDE)' \
! 	SSL_CFLAGS='$(SSL_CFLAGS)' SSL_LIB_DIR='$(SSL_LIB_DIR)' \
! 	SSL_LIBS='$(SSL_LIBS)' SSL_APP_DIR='$(SSL_APP_DIR)' \
! 	)
  
  clean:
! 	rm -f httpd httpsd *.o core
  	cd regex; $(MAKE) clean
  	cd modules; $(MAKE) clean
  
***************
*** 49,55 ****
  
  # Work around broken compilers
  http_bprintf.o: http_bprintf.c
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) http_bprintf.c
  
  # We really don't expect end users to use this rule.  It works only with
  # gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
--- 68,74 ----
  
  # Work around broken compilers
  http_bprintf.o: http_bprintf.c
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) $(SSL_CFLAGS) http_bprintf.c
  
  # We really don't expect end users to use this rule.  It works only with
  # gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
diff -C3 -r ../apache_1.2.5/src/buff.c ./src/buff.c
*** ../apache_1.2.5/src/buff.c	Thu Aug  7 08:41:46 1997
--- ./src/buff.c	Sat Jan 10 11:59:07 1998
***************
*** 143,148 ****
--- 143,153 ----
      fb->fd = -1;
      fb->fd_in = -1;
  
+ #ifdef APACHE_SSL
+     fb->ssl = NULL;
+     fb->szClientX509 = NULL;
+ #endif
+ 
      return fb;
  }
  
***************
*** 324,329 ****
--- 329,339 ----
  	}
      }
      do {
+ #ifdef APACHE_SSL
+       if (fb->ssl)
+ 	rv = SSL_read(fb->ssl, buf, nbyte);
+       else
+ #endif
  	rv = read( fb->fd_in, buf, nbyte );
      } while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
      return( rv );
***************
*** 621,627 ****
  	return -1;
  
      while (nbyte > 0) {
! 	i = write(fb->fd, buf, nbyte);
  	if (i < 0) {
  	    if (errno != EAGAIN && errno != EINTR) {
  		doerror (fb, B_WR);
--- 631,642 ----
  	return -1;
  
      while (nbyte > 0) {
! #ifdef APACHE_SSL
!       if (fb->ssl)
! 	i = SSL_write(fb->ssl, buf, nbyte);
!       else
! #endif
! 	i = write(fb->fd, buf, nbyte );
  	if (i < 0) {
  	    if (errno != EAGAIN && errno != EINTR) {
  		doerror (fb, B_WR);
***************
*** 659,665 ****
  	return -1;
  
      if (!(fb->flags & B_CHUNK)) {
! 	do rv = write(fb->fd, buf, nbyte);
  	while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (rv == -1) {
  	    if (errno != EAGAIN) {
--- 674,686 ----
  	return -1;
  
      if (!(fb->flags & B_CHUNK)) {
! 	do
! #ifdef APACHE_SSL
! 	    if(fb->ssl)
! 		rv = SSL_write(fb->ssl, buf, nbyte);
! 	    else
! #endif
! 		rv = write(fb->fd, buf, nbyte);
  	while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (rv == -1) {
  	    if (errno != EAGAIN) {
***************
*** 672,678 ****
  	return rv;
      }
  
! #ifdef NO_WRITEV
      /* without writev() this has poor performance, too bad */
  
      ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
--- 693,699 ----
  	return rv;
      }
  
! #if defined(NO_WRITEV) || defined(APACHE_SSL)
      /* without writev() this has poor performance, too bad */
  
      ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
***************
*** 796,801 ****
--- 817,827 ----
  	    break;
  	}
  	do {
+ #ifdef APACHE_SSL
+ 	if(fb->ssl)
+ 	    i=SSL_write(fb->ssl, fb->outbase, fb->outcnt);
+ 	else
+ #endif
  	    i = write(fb->fd, fb->outbase, fb->outcnt);
  	} while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (i <= 0) {
***************
*** 873,878 ****
--- 899,909 ----
      while (fb->outcnt > 0)
      {
  	do {
+ #ifdef APACHE_SSL
+ 	if(fb->ssl)
+ 	    i = SSL_write(fb->ssl, fb->outbase, fb->outcnt);
+ 	else
+ #endif
  	    i = write(fb->fd, fb->outbase, fb->outcnt);
  	} while ((i <= 0)
  	         && !(fb->flags & B_EOUT)
***************
*** 933,938 ****
--- 964,976 ----
      fb->flags |= B_EOF | B_EOUT;
      fb->fd = -1;
      fb->fd_in = -1;
+ 
+ #ifdef APACHE_SSL
+     if (fb->ssl) {
+ 	SSL_free(fb->ssl);
+ 	fb->ssl = NULL;
+     }
+ #endif
  
      if (rc1 != 0) return rc1;
      else if (rc2 != 0) return rc2;
diff -C3 -r ../apache_1.2.5/src/buff.h ./src/buff.h
*** ../apache_1.2.5/src/buff.h	Mon Feb 10 15:49:54 1997
--- ./src/buff.h	Sat Jan 10 11:59:07 1998
***************
*** 52,57 ****
--- 52,62 ----
  
  #include <stdarg.h>
  
+ #ifdef APACHE_SSL
+ #include <stdio.h>
+ #include <ssl.h>
+ #endif
+ 
  /* Reading is buffered */
  #define B_RD     (1)
  /* Writing is buffered */
***************
*** 94,99 ****
--- 99,111 ----
  /* could also put pointers to the basic I/O routines here */
      int fd;                /* the file descriptor */
      int fd_in;             /* input file descriptor, if different */
+ 
+ #ifdef APACHE_SSL
+     /* Add some context for SSL */
+     SSL *ssl;
+     char *szClientX509;
+     int nVerifyError;
+ #endif
  };
  
  /* Options to bset/getopt */
diff -C3 -r ../apache_1.2.5/src/http_config.c ./src/http_config.c
*** ../apache_1.2.5/src/http_config.c	Mon Jan  5 20:46:12 1998
--- ./src/http_config.c	Sat Jan 10 11:59:07 1998
***************
*** 1058,1064 ****
--- 1058,1068 ----
  {
      server_rec *s = (server_rec *)pcalloc (p, sizeof (server_rec));
  
+ #ifdef APACHE_SSL
+     s->port=0;
+ #else
      s->port = DEFAULT_PORT;
+ #endif
      s->server_admin = DEFAULT_ADMIN;
      s->server_hostname = NULL; 
      s->error_fname = DEFAULT_ERRORLOG;
***************
*** 1096,1101 ****
--- 1100,1107 ----
      process_resource_config (s, s->access_confname, p, ptemp);
      
      fixup_virtual_hosts (p, s);
+ 
+     default_server_hostnames(s);
      
      return s;
  }
diff -C3 -r ../apache_1.2.5/src/http_main.c ./src/http_main.c
*** ../apache_1.2.5/src/http_main.c	Mon Sep 22 21:58:51 1997
--- ./src/http_main.c	Sun Jan 25 23:53:36 1998
***************
*** 1875,1880 ****
--- 1875,1890 ----
  				       (struct sockaddr_in *)&sa_server,
  				       child_num);
  
+ #ifdef APACHE_SSL
+ 	/* 
+ 	 * This returns false if the connection cannot be setup,
+ 	 * so maybe we should do something with this here...
+ 	 * however it also blocks the BUFF connections
+ 	 * so the next bit should fall out anyway!
+ 	 */
+ 	ApacheSSLSetupConnection(current_conn);
+ #endif
+ 
          /*
           * Read and process each request found on our connection
           * until no requests are left or we decide to close.
***************
*** 2153,2158 ****
--- 2163,2169 ----
  {
      struct sockaddr_in sa_server;
      int saved_sd;
+     static BOOL bFirst=TRUE;
      int remaining_children_to_start;
  
      standalone = 1;
***************
*** 2174,2183 ****
  	    kill_cleanups_for_fd (pconf, scoreboard_fd);
  	}
  #endif
! 	clear_pool (pconf);
! 	ptrans = make_sub_pool (pconf);
  
! 	server_conf = read_config (pconf, ptrans, server_confname); 
  
  	if (listeners == NULL) {
  	    if (!is_graceful) {
--- 2185,2197 ----
  	    kill_cleanups_for_fd (pconf, scoreboard_fd);
  	}
  #endif
! 	if(!bFirst)
! 	    {
! 	    clear_pool (pconf);
! 	    ptrans = make_sub_pool (pconf);
  
! 	    server_conf = read_config (pconf, ptrans, server_confname); 
! 	    }
  
  	if (listeners == NULL) {
  	    if (!is_graceful) {
***************
*** 2212,2218 ****
  	    sd = -1;
  	}
  
! 	init_modules (pconf, server_conf);
  	open_logs (server_conf, pconf);
  	set_group_privs ();
  	accept_mutex_init (pconf);
--- 2226,2244 ----
  	    sd = -1;
  	}
  
! 	if(!bFirst)
! 	    init_modules (pconf, server_conf);
! 	else
! 	    bFirst=FALSE;
! 	/* This just gets nastier and nastier, but I see little point in
! 	   trying to fix it before 2.0. Ben 25/1/98
! 	   BTW, the reason you have to do this is so that gcache is in the same
! 	   process group as Apache, so it dies when we do.
! 	   Hmmm ... so that means that log processes are not working right with
! 	   Apache-SSL. Arggg. Need a better way to do this.
! 	 */
! 	LaunchGlobalCache(pconf);
! 
  	open_logs (server_conf, pconf);
  	set_group_privs ();
  	accept_mutex_init (pconf);
***************
*** 2226,2232 ****
  	}
  #endif
  
! 	default_server_hostnames (server_conf);
  
  	set_signals ();
  	log_pid (pconf, pid_fname);
--- 2252,2258 ----
  	}
  #endif
  
! 	/*	default_server_hostnames (server_conf);*/
  
  	set_signals ();
  	log_pid (pconf, pid_fname);
***************
*** 2441,2447 ****
      init_modules (pconf, server_conf);
      
      if(standalone) {
!         clear_pool (pconf);	/* standalone_main rereads... */
          standalone_main(argc, argv);
      }
      else {
--- 2467,2473 ----
      init_modules (pconf, server_conf);
      
      if(standalone) {
!     /*        clear_pool (pconf);	/* standalone_main rereads... */
          standalone_main(argc, argv);
      }
      else {
diff -C3 -r ../apache_1.2.5/src/http_protocol.c ./src/http_protocol.c
*** ../apache_1.2.5/src/http_protocol.c	Fri Aug 15 17:08:51 1997
--- ./src/http_protocol.c	Sat Jan 10 11:59:08 1998
***************
*** 553,561 ****
    unsigned port;
  
    /* This routine parses full URLs, if they match the server */
!   if (strncmp(uri, "http://", 7)) return uri;
!   name = pstrdup(r->pool, uri + 7);
!   
    /* Find the hostname, assuming a valid request */
    i = ind(name, '/');
    name[i] = '\0';
--- 553,565 ----
    unsigned port;
  
    /* This routine parses full URLs, if they match the server */
!   char *method=http_method(r);
!   int mlen=strlen(method);
! 
!   if(strncmp(uri,method,mlen) || strncmp(uri+mlen,"://",3))
!       return uri;
!   name = pstrdup(r->pool, uri + mlen);
! 
    /* Find the hostname, assuming a valid request */
    i = ind(name, '/');
    name[i] = '\0';
***************
*** 563,576 ****
    /* Find the port */
    host = getword_nc(r->pool, &name, ':');
    if (*name) port = atoi(name);
!   else port = 80;
  
    /* Make sure ports patch */
    if (port != r->server->port) return uri;
  
    /* Save it for later use */
    r->hostname = pstrdup(r->pool, host);
!   r->hostlen = 7 + i;
  
    /* The easy cases first */
    if (!strcasecmp(host, r->server->server_hostname)) {
--- 567,580 ----
    /* Find the port */
    host = getword_nc(r->pool, &name, ':');
    if (*name) port = atoi(name);
!   else port=default_port(r);
  
    /* Make sure ports patch */
    if (port != r->server->port) return uri;
  
    /* Save it for later use */
    r->hostname = pstrdup(r->pool, host);
!   r->hostlen = mlen+3 + i;
  
    /* The easy cases first */
    if (!strcasecmp(host, r->server->server_hostname)) {
***************
*** 680,686 ****
  static void check_hostalias (request_rec *r) {
    const char *hostname=r->hostname;
    char *host = getword(r->pool, &hostname, ':');	/* Get rid of port */
!   unsigned port = (*hostname) ? atoi(hostname) : 80;
    server_rec *s;
    int l;
  
--- 684,690 ----
  static void check_hostalias (request_rec *r) {
    const char *hostname=r->hostname;
    char *host = getword(r->pool, &hostname, ':');	/* Get rid of port */
!   unsigned port = (*hostname) ? atoi(hostname) : default_port(r);
    server_rec *s;
    int l;
  
diff -C3 -r ../apache_1.2.5/src/httpd.h ./src/httpd.h
*** ../apache_1.2.5/src/httpd.h	Mon Jan  5 23:20:09 1998
--- ./src/httpd.h	Sun Feb  1 13:35:36 1998
***************
*** 97,105 ****
   */
  
  
! /* -------------- Port number for server running standalone --------------- */
! 
! #define DEFAULT_PORT 80
  
  /* --------- Default user name and group name running standalone ---------- */
  /* --- These may be specified as numbers by placing a # before a number --- */
--- 97,115 ----
   */
  
  
! /* -------------- Port number and protocol for server running standalone -- */
! #ifdef APACHE_SSL
! #define HTTP_PORT	80
! #define HTTPS_PORT	443
! #define default_port(r)		((r)->connection->client->ssl ? HTTPS_PORT : HTTP_PORT)
! #define is_default_port(port,r)	((port) == default_port(r))
! #define http_method(r)		((r)->connection->client->ssl ? "https" : "http")
! #else
! #define	DEFAULT_PORT	80
! #define	default_port(r)		DEFAULT_PORT
! #define is_default_port(port,r)	((port) == DEFAULT_PORT)
! #define http_method(r)	"http"
! #endif
  
  /* --------- Default user name and group name running standalone ---------- */
  /* --- These may be specified as numbers by placing a # before a number --- */
***************
*** 256,262 ****
--- 266,276 ----
   * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
   */
  
+ #ifdef APACHE_SSL
+ #define SERVER_BASEVERSION "Apache/1.2.5 Ben-SSL/1.14" /* SEE COMMENTS ABOVE */
+ #else
  #define SERVER_BASEVERSION "Apache/1.2.5" /* SEE COMMENTS ABOVE */
+ #endif
  #ifdef SERVER_SUBVERSION
  #define SERVER_VERSION	SERVER_BASEVERSION " " SERVER_SUBVERSION
  #else
***************
*** 580,585 ****
--- 594,608 ----
  #define DEFAULT_VHOST_ADDR 0xfffffffful
  
  typedef struct server_addr_rec server_addr_rec;
+ 
+ typedef unsigned int BOOL;
+ #define TRUE 		1
+ #define FALSE 		0
+ 
+ #ifdef APACHE_SSL
+ int ApacheSSLSetupConnection(conn_rec *conn);
+ void LaunchGlobalCache(pool *pPool);
+ #endif
  struct server_addr_rec {
      server_addr_rec *next;
      struct in_addr host_addr;	/* The bound address, for this server */
***************
*** 680,687 ****
  char *os_escape_path(pool *p,const char *path,int partial);
  #define escape_uri(ppool,path) os_escape_path(ppool,path,1)
  extern char *escape_html(pool *p, const char *s);
! char *construct_server(pool *p, const char *hostname, unsigned port);
! char *construct_url (pool *p, const char *path, const server_rec *s);     
  char *escape_shell_cmd (pool *p, const char *s);
       
  int count_dirs(const char *path);
--- 703,710 ----
  char *os_escape_path(pool *p,const char *path,int partial);
  #define escape_uri(ppool,path) os_escape_path(ppool,path,1)
  extern char *escape_html(pool *p, const char *s);
! char *construct_server(pool *p, const char *hostname, unsigned port, const request_rec *r);
! char *construct_url (pool *p, const char *path, const request_rec *r);
  char *escape_shell_cmd (pool *p, const char *s);
       
  int count_dirs(const char *path);
diff -C3 -r ../apache_1.2.5/src/md5.h ./src/md5.h
*** ../apache_1.2.5/src/md5.h	Wed Jan  1 18:10:23 1997
--- ./src/md5.h	Sat Jan 10 11:59:08 1998
***************
*** 91,99 ****
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } MD5_CTX;
  
! extern void MD5Init(MD5_CTX *context);
! extern void MD5Update(MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void MD5Final(unsigned char digest[16], MD5_CTX *context);
--- 91,99 ----
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } APACHE_MD5_CTX;
  
! extern void MD5Init(APACHE_MD5_CTX *context);
! extern void MD5Update(APACHE_MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context);
diff -C3 -r ../apache_1.2.5/src/md5c.c ./src/md5c.c
*** ../apache_1.2.5/src/md5c.c	Wed Jan  1 18:10:24 1997
--- ./src/md5c.c	Sat Jan 10 11:59:08 1998
***************
*** 158,164 ****
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! MD5Init(MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
--- 158,164 ----
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! MD5Init(APACHE_MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
***************
*** 173,179 ****
    context.
   */
  void
! MD5Update(MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
--- 173,179 ----
    context.
   */
  void
! MD5Update(APACHE_MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
***************
*** 209,215 ****
    the message digest and zeroizing the context.
   */
  void
! MD5Final(unsigned char digest[16], MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
--- 209,215 ----
    the message digest and zeroizing the context.
   */
  void
! MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
diff -C3 -r ../apache_1.2.5/src/mod_auth.c ./src/mod_auth.c
*** ../apache_1.2.5/src/mod_auth.c	Thu Apr 24 10:16:54 1997
--- ./src/mod_auth.c	Sat Jan 10 11:59:08 1998
***************
*** 70,76 ****
--- 70,82 ----
  #include "http_log.h"
  #include "http_protocol.h"
  #if defined(HAVE_CRYPT_H)
+ #if defined(APACHE_SSL)
+ #define des_encrypt	BASE_des_encrypt
  #include <crypt.h>
+ #undef des_encrypt
+ #else
+ #include <crypt.h>
+ #endif /* APACHE_SSL */
  #endif
  
  typedef struct auth_config_struct {
diff -C3 -r ../apache_1.2.5/src/mod_dir.c ./src/mod_dir.c
*** ../apache_1.2.5/src/mod_dir.c	Fri Jun 27 02:21:22 1997
--- ./src/mod_dir.c	Sat Jan 10 11:59:09 1998
***************
*** 810,816 ****
  			 "/", NULL);
  
  	table_set (r->headers_out, "Location",
! 		   construct_url(r->pool, ifile, r->server)); 
  	return HTTP_MOVED_PERMANENTLY;
      }
  
--- 810,816 ----
  			 "/", NULL);
  
  	table_set (r->headers_out, "Location",
! 		   construct_url(r->pool, ifile, r)); 
  	return HTTP_MOVED_PERMANENTLY;
      }
  
diff -C3 -r ../apache_1.2.5/src/mod_imap.c ./src/mod_imap.c
*** ../apache_1.2.5/src/mod_imap.c	Mon Jan  5 20:48:58 1998
--- ./src/mod_imap.c	Fri Jan 16 18:51:53 1998
***************
*** 381,387 ****
      char *my_base;
  
      if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) {
! 	return construct_url(r->pool, r->uri, r->server);
      }
  
      if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) {
--- 381,387 ----
      char *my_base;
  
      if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) {
! 	return construct_url(r->pool, r->uri, r);
      }
  
      if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) {
***************
*** 417,423 ****
  	    return pstrdup(r->pool, value); /* no base: use what is given */
          }
  	/* no base, no value: pick a simple default */
! 	return construct_url(r->pool, "/", r->server);
      }
  
      /* must be a relative URL to be combined with base */
--- 417,423 ----
  	    return pstrdup(r->pool, value); /* no base: use what is given */
          }
  	/* no base, no value: pick a simple default */
! 	return construct_url(r->pool, "/", r);
      }
  
      /* must be a relative URL to be combined with base */
diff -C3 -r ../apache_1.2.5/src/mod_log_config.c ./src/mod_log_config.c
*** ../apache_1.2.5/src/mod_log_config.c	Sun May  4 20:47:47 1997
--- ./src/mod_log_config.c	Sat Jan 10 11:59:09 1998
***************
*** 118,123 ****
--- 118,132 ----
   * %...l:  remote logname (from identd, if supplied)
   * %...{Foobar}n:  The contents of note "Foobar" from another module.
   * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+  *
+  * Additional SSL directives:
+  *
+  * %...{cipher}c:  cipher used (SSL_get_cipher)
+  * %...{clientcert}c: client certificate information
+  * %...{errcode}c: X509 verify error code
+  * %...{errstr}c: X509 verify error string
+  * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+  *
   * %...p:  the port the request was served to
   * %...P:  the process ID of the child that serviced the request.
   * %...r:  first line of request
***************
*** 162,167 ****
--- 171,180 ----
  #include "http_config.h"
  #include "http_core.h" /* For REMOTE_NAME */
  
+ #ifdef APACHE_SSL
+ #include <crypto.h>
+ #endif
+ 
  module config_log_module;
  
  static int xfer_flags = ( O_WRONLY | O_APPEND | O_CREAT );
***************
*** 340,345 ****
--- 353,363 ----
      ap_snprintf(pidnum, sizeof(pidnum), "%ld", (long)getpid());
      return pstrdup(r->pool, pidnum);
  }
+ 
+ #ifdef APACHE_SSL
+ extern char *log_ssl_info(request_rec *r, char *a);
+ #endif
+ 
  /*****************************************************************
   *
   * Parsing the log format string
***************
*** 367,372 ****
--- 385,393 ----
      { 'v', log_virtual_host, 0 },
      { 'p', log_server_port, 0 },
      { 'P', log_child_pid, 0 },
+ #ifdef APACHE_SSL
+     { 'c', log_ssl_info, 0 },
+ #endif
      { '\0' }
  };
  
***************
*** 487,492 ****
--- 508,560 ----
      return a;
  }
  
+ #ifdef APACHE_SSL
+ char *log_ssl_info(request_rec *r, char *a)
+     {
+     char str[MAX_STRING_LEN];
+ 
+     if(!r->connection->client->ssl)
+ 	return NULL;
+ 
+     if(!strcmp(a, "cipher"))
+ 	return SSL_get_cipher(r->connection->client->ssl);
+ 
+     if(!strcmp(a, "clientcert"))
+ 	return r->connection->client->szClientX509;
+ 
+     if(!strcmp(a, "errcode"))
+ 	if(r->connection->client->nVerifyError)
+ 	    {
+ 	    sprintf(str, "%d", r->connection->client->nVerifyError);
+ 	    return pstrdup(r->pool,str);
+ 	    }
+ 	else
+ 	    return NULL;
+ 
+     if(!strcmp(a, "errstr"))
+ 	if(r->connection->client->nVerifyError)
+ #if SSLEAY_VERSION_NUMBER < 0x0800
+ 	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+ #else
+ 	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+ #endif
+ 	else
+ 	    return NULL;
+ 
+ #if SSLEAY_VERSION_NUMBER >= 0x0800
+     if(!strcmp(a, "version"))
+ 	{
+ 	static char v[2];
+ 
+ 	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+ 	v[1]='\0';
+ 	return v;
+ 	}
+ #endif
+     
+     return NULL;
+ }
+ #endif
  /*****************************************************************
   *
   * Actually logging.
diff -C3 -r ../apache_1.2.5/src/mod_rewrite.c ./src/mod_rewrite.c
*** ../apache_1.2.5/src/mod_rewrite.c	Sun Aug 17 20:35:49 1997
--- ./src/mod_rewrite.c	Sat Jan 10 11:59:09 1998
***************
*** 885,896 ****
  
      /* add the canonical URI of this URL */
      thisserver = r->server->server_hostname;
! #ifdef APACHE_SSL
!     if (((!r->connection->client->ssl) && (r->server->port == DEFAULT_PORT)) ||
!          ((r->connection->client->ssl) && (r->server->port == 443)))
! #else
!     if (r->server->port == DEFAULT_PORT)
! #endif 
          thisport = "";
      else {
          ap_snprintf(buf, sizeof(buf), ":%u", r->server->port);
--- 885,891 ----
  
      /* add the canonical URI of this URL */
      thisserver = r->server->server_hostname;
!     if(is_default_port(r->server->port,r))
          thisport = "";
      else {
          ap_snprintf(buf, sizeof(buf), ":%u", r->server->port);
***************
*** 1658,1669 ****
                 && !(strlen(r->filename) > 6 &&
                      strncmp(r->filename, "ftp://", 6) == 0)    ) {
  
! #ifdef APACHE_SSL
!                 if ((!r->connection->client->ssl && r->server->port == DEFAULT_PORT) ||
!                     ( r->connection->client->ssl && r->server->port == 443)  )
! #else
!                 if (r->server->port == DEFAULT_PORT)
! #endif
                      port[0] = '\0';
                  else 
                      ap_snprintf(port, sizeof(port), ":%u", r->server->port);
--- 1653,1659 ----
                 && !(strlen(r->filename) > 6 &&
                      strncmp(r->filename, "ftp://", 6) == 0)    ) {
  
! 	        if(is_default_port(r->server->port,r))
                      port[0] = '\0';
                  else 
                      ap_snprintf(port, sizeof(port), ":%u", r->server->port);
***************
*** 1911,1917 ****
              EOS_PARANOIA(host);
              *cp = '/';
              /* set port */
!             port = DEFAULT_PORT;
              /* set remaining url */
              url = cp;
          }
--- 1901,1907 ----
              EOS_PARANOIA(host);
              *cp = '/';
              /* set port */
!             port = default_port(r);
              /* set remaining url */
              url = cp;
          }
***************
*** 1920,1926 ****
              strncpy(host, hostp, sizeof(host)-1);
              EOS_PARANOIA(host);
              /* set port */
!             port = DEFAULT_PORT;
              /* set remaining url */
              url = "/";
          }
--- 1910,1916 ----
              strncpy(host, hostp, sizeof(host)-1);
              EOS_PARANOIA(host);
              /* set port */
!             port = default_port(r);
              /* set remaining url */
              url = "/";
          }
diff -C3 -r ../apache_1.2.5/src/modules/proxy/proxy_util.c ./src/modules/proxy/proxy_util.c
*** ../apache_1.2.5/src/modules/proxy/proxy_util.c	Mon Jan  5 21:02:56 1998
--- ./src/modules/proxy/proxy_util.c	Sat Jan 10 11:59:10 1998
***************
*** 555,561 ****
  void
  proxy_hash(const char *it, char *val,int ndepth,int nlength)
  {
!     MD5_CTX context;
      unsigned char digest[16];
      char tmp[22];
      int i, k, d;
--- 555,561 ----
  void
  proxy_hash(const char *it, char *val,int ndepth,int nlength)
  {
!     APACHE_MD5_CTX context;
      unsigned char digest[16];
      char tmp[22];
      int i, k, d;
diff -C3 -r ../apache_1.2.5/src/util.c ./src/util.c
*** ../apache_1.2.5/src/util.c	Mon Jan  5 20:57:24 1998
--- ./src/util.c	Sat Jan 10 11:59:10 1998
***************
*** 796,806 ****
      else return OK;
  }
  
! char *construct_server(pool *p, const char *hostname, unsigned port) {
!     char portnum[22];		
  	/* Long enough, even if port > 16 bits for some reason */
    
!     if (port == DEFAULT_PORT)
  	return (char *)hostname;
      else {
          ap_snprintf (portnum, sizeof(portnum), "%u", port);
--- 796,807 ----
      else return OK;
  }
  
! char *construct_server(pool *p, const char *hostname, unsigned port, const request_rec *r) {
!     char portnum[22];
  	/* Long enough, even if port > 16 bits for some reason */
+     server_rec *s=r->server;
    
!     if (is_default_port(port, r))
  	return (char *)hostname;
      else {
          ap_snprintf (portnum, sizeof(portnum), "%u", port);
***************
*** 808,816 ****
      }
  }
  
! char *construct_url(pool *p, const char *uri, const server_rec *s) {
!     return pstrcat (p, "http://",
! 		    construct_server(p, s->server_hostname, s->port),
  		    uri, NULL);
  }
  
--- 809,818 ----
      }
  }
  
! char *construct_url(pool *p, const char *uri, const request_rec *r) {
!     server_rec *s=r->server;
!     return pstrcat (p, http_method(r), "://",
! 		    construct_server(p, s->server_hostname, s->port, r),
  		    uri, NULL);
  }
  
diff -C3 -r ../apache_1.2.5/src/util_md5.c ./src/util_md5.c
*** ../apache_1.2.5/src/util_md5.c	Wed Jan  1 18:10:46 1997
--- ./src/util_md5.c	Sat Jan 10 11:59:10 1998
***************
*** 84,90 ****
  
  char *md5 (pool *p, unsigned char *string)
  {
!     MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
--- 84,90 ----
  
  char *md5 (pool *p, unsigned char *string)
  {
!     APACHE_MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
***************
*** 149,155 ****
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
--- 149,155 ----
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, APACHE_MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
***************
*** 176,182 ****
  
  char *md5digest(pool *p, FILE *infile)
  {
!     MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
--- 176,182 ----
  
  char *md5digest(pool *p, FILE *infile)
  {
!     APACHE_MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
diff -C3 -r ../apache_1.2.5/src/util_md5.h ./src/util_md5.h
*** ../apache_1.2.5/src/util_md5.h	Wed Jan  1 18:10:46 1997
--- ./src/util_md5.h	Sat Jan 10 11:59:10 1998
***************
*** 53,58 ****
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);
  
--- 53,58 ----
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, APACHE_MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);
  
