diff -C3 -r ../apache_1.2.6/src/Configuration ./src/Configuration
*** ../apache_1.2.6/src/Configuration	Thu Feb 19 07:46:21 1998
--- ./src/Configuration	Fri Mar 27 18:06:38 1998
***************
*** 44,50 ****
  # REDHAT LINUX 5.0 USERS PLEASE NOTE!  You have to add -lcrypt to
  # EXTRA_LIBS.  This is fixed in 1.3 but will not be fixed in 1.2.
  #
! EXTRA_CFLAGS=
  EXTRA_LFLAGS=
  EXTRA_LIBS=
  EXTRA_INCLUDES=
--- 44,50 ----
  # REDHAT LINUX 5.0 USERS PLEASE NOTE!  You have to add -lcrypt to
  # EXTRA_LIBS.  This is fixed in 1.3 but will not be fixed in 1.2.
  #
! EXTRA_CFLAGS=-w3 -g
  EXTRA_LFLAGS=
  EXTRA_LIBS=
  EXTRA_INCLUDES=
***************
*** 53,58 ****
--- 53,72 ----
  #OPTIM=-O2
  #RANLIB=
  
+ TARGET=httpsd
+ 
+ #
+ # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+ # installed version. This is because the paths differ between the source and
+ # the installed version.
+ #
+ SSL_BASE= /u/ben/work/scuzzy-ssleay8
+ SSL_INCLUDE= -I$(SSL_BASE)/include
+ SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE)
+ SSL_LIB_DIR= $(SSL_BASE)
+ SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+ SSL_APP_DIR= $(SSL_BASE)/apps
+ 
  ################################################################
  # Rules configuration
  #
***************
*** 203,209 ****
  ## NOTE: You do not want this module UNLESS you are running a proxy;
  ##       it is not needed for normal (origin server) operation.
  
! # Module proxy_module        modules/proxy/libproxy.a
  
  ## The Alias module provides simple URL translation and redirection.
  
--- 217,223 ----
  ## NOTE: You do not want this module UNLESS you are running a proxy;
  ##       it is not needed for normal (origin server) operation.
  
! Module proxy_module        modules/proxy/libproxy.a
  
  ## The Alias module provides simple URL translation and redirection.
  
***************
*** 212,218 ****
  ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping,
  ## using regular expressions.
  
! # Module rewrite_module      mod_rewrite.o
  
  ##
  ## Access control and authentication modules. 
--- 226,232 ----
  ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping,
  ## using regular expressions.
  
! Module rewrite_module      mod_rewrite.o
  
  ##
  ## Access control and authentication modules. 
***************
*** 223,229 ****
  ## The anon_auth module allows for anonymous-FTP-style username/ 
  ## password authentication.
  
! # Module anon_auth_module    mod_auth_anon.o
  
  ## db_auth and dbm_auth work with Berkeley DB files - make sure there
  ## is support for DBM files on your system.  You may need to grab the GNU
--- 237,243 ----
  ## The anon_auth module allows for anonymous-FTP-style username/ 
  ## password authentication.
  
! Module anon_auth_module    mod_auth_anon.o
  
  ## db_auth and dbm_auth work with Berkeley DB files - make sure there
  ## is support for DBM files on your system.  You may need to grab the GNU
***************
*** 231,237 ****
  ## done by Configure at a later date)
  
  # Module db_auth_module      mod_auth_db.o
! # Module dbm_auth_module     mod_auth_dbm.o
  
  ## msql_auth checks against an mSQL database.  You must have mSQL installed
  ## and an "msql.h" available for this to even compile.  Additionally,
--- 245,251 ----
  ## done by Configure at a later date)
  
  # Module db_auth_module      mod_auth_db.o
! Module dbm_auth_module     mod_auth_dbm.o
  
  ## msql_auth checks against an mSQL database.  You must have mSQL installed
  ## and an "msql.h" available for this to even compile.  Additionally,
***************
*** 247,270 ****
  ## "digest" implements HTTP Digest Authentication rather than the less 
  ## secure Basic Auth used by the other modules.
  
! # Module digest_module       mod_digest.o
  
  ## Optional response header manipulation modules. 
  ##
  ## cern_meta mimics the behavior of the CERN web server with regards to 
  ## metainformation files.  
  
! # Module cern_meta_module    mod_cern_meta.o
  
  ## The expires module can apply Expires: headers to resources,
  ## as a function of access time or modification time.
  
! # Module expires_module      mod_expires.o
  
  ## The headers module can set arbitrary HTTP response headers,
  ## as configured in server, vhost, access.conf or .htaccess configs
  
! # Module headers_module      mod_headers.o
  
  ## Miscellaneous modules
  ##
--- 261,288 ----
  ## "digest" implements HTTP Digest Authentication rather than the less 
  ## secure Basic Auth used by the other modules.
  
! Module digest_module       mod_digest.o
  
  ## Optional response header manipulation modules. 
  ##
  ## cern_meta mimics the behavior of the CERN web server with regards to 
  ## metainformation files.  
  
! Module cern_meta_module    mod_cern_meta.o
  
  ## The expires module can apply Expires: headers to resources,
  ## as a function of access time or modification time.
  
! Module expires_module      mod_expires.o
  
  ## The headers module can set arbitrary HTTP response headers,
  ## as configured in server, vhost, access.conf or .htaccess configs
  
! Module headers_module      mod_headers.o
! 
! # Damn damn damn. Apache inverts the module list. SSL must go first to fake
! # basic authorization. So, uncomment this line to add SSL.
! Module ssl_module apache_ssl.o
  
  ## Miscellaneous modules
  ##
***************
*** 276,282 ****
  ## You do not need this, or any other module to allow your site
  ## to use Cookies.  This module is for user tracking only
  
! # Module usertrack_module      mod_usertrack.o
  
  ## The example module, which demonstrates the use of the API.  See
  ## the file modules/example/README for details.  This module should
--- 294,300 ----
  ## You do not need this, or any other module to allow your site
  ## to use Cookies.  This module is for user tracking only
  
! Module usertrack_module      mod_usertrack.o
  
  ## The example module, which demonstrates the use of the API.  See
  ## the file modules/example/README for details.  This module should
diff -C3 -r ../apache_1.2.6/src/Configuration.tmpl ./src/Configuration.tmpl
*** ../apache_1.2.6/src/Configuration.tmpl	Fri Jan 30 09:13:44 1998
--- ./src/Configuration.tmpl	Fri Mar 27 18:06:38 1998
***************
*** 53,58 ****
--- 53,70 ----
  #OPTIM=-O2
  #RANLIB=
  
+ TARGET=httpsd
+ 
+ #
+ # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+ # installed version.
+ #
+ SSL_BASE=/u/ben/work/scuzzy-ssleay6
+ SSL_INCLUDE= -I$(SSL_BASE)/include
+ SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE)
+ SSL_LIB_DIR= $(SSL_BASE)
+ SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+ 
  ################################################################
  # Rules configuration
  #
***************
*** 265,270 ****
--- 277,286 ----
  ## as configured in server, vhost, access.conf or .htaccess configs
  
  # Module headers_module      mod_headers.o
+ 
+ # Damn damn damn. Apache inverts the module list. SSL must go first to fake
+ # basic authorization. So, uncomment this line to add SSL.
+ Module ssl_module apache_ssl.o
  
  ## Miscellaneous modules
  ##
diff -C3 -r ../apache_1.2.6/src/Makefile.tmpl ./src/Makefile.tmpl
*** ../apache_1.2.6/src/Makefile.tmpl	Fri Jan 30 09:13:46 1998
--- ./src/Makefile.tmpl	Fri Mar 27 18:15:14 1998
***************
*** 11,22 ****
  OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \
    http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\
    md5c.o util_md5.o explain.o http_bprintf.o util_date.o util_snprintf.o\
    $(MODULES)
  
  .c.o:
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
! 
! all: @@Configuration@@ httpd
  
  @@Configuration@@: Configuration.tmpl
  	@echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist."
--- 11,22 ----
  OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \
    http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\
    md5c.o util_md5.o explain.o http_bprintf.o util_date.o util_snprintf.o\
+   gcacheclient.o gcachecommon.o\
    $(MODULES)
  
  .c.o:
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $(SSL_CFLAGS) $<
! all: @@Configuration@@ $(TARGET) gcache
  
  @@Configuration@@: Configuration.tmpl
  	@echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist."
***************
*** 28,42 ****
  httpd: $(REGLIB) $(OBJS)
  	$(CC) $(LFLAGS)  -o httpd $(OBJS) $(REGLIB) $(LIBS)
  
  regex/libregex.a:
  	(cd regex; $(MAKE) lib CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  modules/last-built:
  	(cd modules; \
! 	$(MAKE) CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  clean:
! 	rm -f httpd *.o core
  	cd regex; $(MAKE) clean
  	cd modules; $(MAKE) clean
  
--- 28,61 ----
  httpd: $(REGLIB) $(OBJS)
  	$(CC) $(LFLAGS)  -o httpd $(OBJS) $(REGLIB) $(LIBS)
  
+ httpsd: $(REGLIB) $(OBJS)
+ 	$(CC) $(LFLAGS) -o httpsd $(OBJS) $(REGLIB) $(SSL_LIBS) $(LIBS)
+ 
+ gcache.o gcachecommon.o gcacheclient.o apache_ssl.o: gcache.h
+ 
+ gcache: gcache.o gcachecommon.o
+ 	$(CC) $(LFLAGS) -o gcache gcache.o gcachecommon.o $(LIBS)
+ 
+ certificate:
+ 	$(SSL_APP_DIR)/ssleay req -config $(SSL_APP_DIR)/ssleay.cnf \
+ 	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+ 	-keyout ../SSLconf/conf/httpsd.pem; \
+ 	ln -sf ../SSLconf/conf/httpsd.pem ../SSLconf/conf/`$(SSL_APP_DIR)/ssleay \
+ 	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
+ 
  regex/libregex.a:
  	(cd regex; $(MAKE) lib CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)')
  
  modules/last-built:
  	(cd modules; \
! 	$(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' \
! 	SSL_BASE='$(SSL_BASE)' SSL_INCLUDE='$(SSL_INCLUDE)' \
! 	SSL_CFLAGS='$(SSL_CFLAGS)' SSL_LIB_DIR='$(SSL_LIB_DIR)' \
! 	SSL_LIBS='$(SSL_LIBS)' SSL_APP_DIR='$(SSL_APP_DIR)' \
! 	)
  
  clean:
! 	rm -f httpd httpsd *.o core
  	cd regex; $(MAKE) clean
  	cd modules; $(MAKE) clean
  
***************
*** 49,55 ****
  
  # Work around broken compilers
  http_bprintf.o: http_bprintf.c
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) http_bprintf.c
  
  # We really don't expect end users to use this rule.  It works only with
  # gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
--- 68,74 ----
  
  # Work around broken compilers
  http_bprintf.o: http_bprintf.c
! 	$(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) $(SSL_CFLAGS) http_bprintf.c
  
  # We really don't expect end users to use this rule.  It works only with
  # gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
diff -C3 -r ../apache_1.2.6/src/buff.c ./src/buff.c
*** ../apache_1.2.6/src/buff.c	Sat Feb  7 10:26:12 1998
--- ./src/buff.c	Fri Mar 27 18:06:39 1998
***************
*** 147,152 ****
--- 147,157 ----
      fb->fd = -1;
      fb->fd_in = -1;
  
+ #ifdef APACHE_SSL
+     fb->ssl = NULL;
+     fb->szClientX509 = NULL;
+ #endif
+ 
      return fb;
  }
  
***************
*** 329,334 ****
--- 334,344 ----
  	}
      }
      do {
+ #ifdef APACHE_SSL
+       if (fb->ssl)
+ 	rv = SSL_read(fb->ssl, buf, nbyte);
+       else
+ #endif
  	rv = read( fb->fd_in, buf, nbyte );
      } while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
      return( rv );
***************
*** 626,632 ****
  	return -1;
  
      while (nbyte > 0) {
! 	i = write(fb->fd, buf, nbyte);
  	if (i < 0) {
  	    if (errno != EAGAIN && errno != EINTR) {
  		doerror (fb, B_WR);
--- 636,647 ----
  	return -1;
  
      while (nbyte > 0) {
! #ifdef APACHE_SSL
!       if (fb->ssl)
! 	i = SSL_write(fb->ssl, buf, nbyte);
!       else
! #endif
! 	i = write(fb->fd, buf, nbyte );
  	if (i < 0) {
  	    if (errno != EAGAIN && errno != EINTR) {
  		doerror (fb, B_WR);
***************
*** 664,670 ****
  	return -1;
  
      if (!(fb->flags & B_CHUNK)) {
! 	do rv = write(fb->fd, buf, nbyte);
  	while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (rv == -1) {
  	    if (errno != EAGAIN) {
--- 679,691 ----
  	return -1;
  
      if (!(fb->flags & B_CHUNK)) {
! 	do
! #ifdef APACHE_SSL
! 	    if(fb->ssl)
! 		rv = SSL_write(fb->ssl, buf, nbyte);
! 	    else
! #endif
! 		rv = write(fb->fd, buf, nbyte);
  	while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (rv == -1) {
  	    if (errno != EAGAIN) {
***************
*** 677,683 ****
  	return rv;
      }
  
! #ifdef NO_WRITEV
      /* without writev() this has poor performance, too bad */
  
      ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
--- 698,704 ----
  	return rv;
      }
  
! #if defined(NO_WRITEV) || defined(APACHE_SSL)
      /* without writev() this has poor performance, too bad */
  
      ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
***************
*** 801,806 ****
--- 822,832 ----
  	    break;
  	}
  	do {
+ #ifdef APACHE_SSL
+ 	if(fb->ssl)
+ 	    i=SSL_write(fb->ssl, fb->outbase, fb->outcnt);
+ 	else
+ #endif
  	    i = write(fb->fd, fb->outbase, fb->outcnt);
  	} while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT));
  	if (i <= 0) {
***************
*** 871,876 ****
--- 897,907 ----
      while (fb->outcnt > 0)
      {
  	do {
+ #ifdef APACHE_SSL
+ 	if(fb->ssl)
+ 	    i = SSL_write(fb->ssl, fb->outbase, fb->outcnt);
+ 	else
+ #endif
  	    i = write(fb->fd, fb->outbase, fb->outcnt);
  	} while ((i <= 0)
  	         && !(fb->flags & B_EOUT)
***************
*** 955,960 ****
--- 986,998 ----
      fb->flags |= B_EOF | B_EOUT;
      fb->fd = -1;
      fb->fd_in = -1;
+ 
+ #ifdef APACHE_SSL
+     if (fb->ssl) {
+ 	SSL_free(fb->ssl);
+ 	fb->ssl = NULL;
+     }
+ #endif
  
      if (rc1 != 0) return rc1;
      else if (rc2 != 0) return rc2;
diff -C3 -r ../apache_1.2.6/src/buff.h ./src/buff.h
*** ../apache_1.2.6/src/buff.h	Sat Feb  7 10:12:20 1998
--- ./src/buff.h	Fri Mar 27 18:06:39 1998
***************
*** 52,57 ****
--- 52,62 ----
  
  #include <stdarg.h>
  
+ #ifdef APACHE_SSL
+ #include <stdio.h>
+ #include <ssl.h>
+ #endif
+ 
  /* Reading is buffered */
  #define B_RD     (1)
  /* Writing is buffered */
***************
*** 96,101 ****
--- 101,113 ----
  /* could also put pointers to the basic I/O routines here */
      int fd;                /* the file descriptor */
      int fd_in;             /* input file descriptor, if different */
+ 
+ #ifdef APACHE_SSL
+     /* Add some context for SSL */
+     SSL *ssl;
+     char *szClientX509;
+     int nVerifyError;
+ #endif
  };
  
  /* Options to bset/getopt */
diff -C3 -r ../apache_1.2.6/src/http_config.c ./src/http_config.c
*** ../apache_1.2.6/src/http_config.c	Sun Feb  1 02:47:38 1998
--- ./src/http_config.c	Fri Mar 27 18:06:39 1998
***************
*** 1058,1064 ****
--- 1058,1068 ----
  {
      server_rec *s = (server_rec *)pcalloc (p, sizeof (server_rec));
  
+ #ifdef APACHE_SSL
+     s->port=0;
+ #else
      s->port = DEFAULT_PORT;
+ #endif
      s->server_admin = DEFAULT_ADMIN;
      s->server_hostname = NULL; 
      s->error_fname = DEFAULT_ERRORLOG;
***************
*** 1096,1101 ****
--- 1100,1107 ----
      process_resource_config (s, s->access_confname, p, ptemp);
      
      fixup_virtual_hosts (p, s);
+ 
+     default_server_hostnames(s);
      
      return s;
  }
diff -C3 -r ../apache_1.2.6/src/http_main.c ./src/http_main.c
*** ../apache_1.2.6/src/http_main.c	Tue Feb 17 01:45:58 1998
--- ./src/http_main.c	Fri Mar 27 18:06:39 1998
***************
*** 1926,1931 ****
--- 1926,1941 ----
  				       (struct sockaddr_in *)&sa_server,
  				       child_num);
  
+ #ifdef APACHE_SSL
+ 	/* 
+ 	 * This returns false if the connection cannot be setup,
+ 	 * so maybe we should do something with this here...
+ 	 * however it also blocks the BUFF connections
+ 	 * so the next bit should fall out anyway!
+ 	 */
+ 	ApacheSSLSetupConnection(current_conn);
+ #endif
+ 
          /*
           * Read and process each request found on our connection
           * until no requests are left or we decide to close.
***************
*** 2204,2209 ****
--- 2214,2220 ----
  {
      struct sockaddr_in sa_server;
      int saved_sd;
+     static BOOL bFirst=TRUE;
      int remaining_children_to_start;
  
      standalone = 1;
***************
*** 2225,2234 ****
  	    kill_cleanups_for_fd (pconf, scoreboard_fd);
  	}
  #endif
! 	clear_pool (pconf);
! 	ptrans = make_sub_pool (pconf);
  
! 	server_conf = read_config (pconf, ptrans, server_confname); 
  
  	if (listeners == NULL) {
  	    if (!is_graceful) {
--- 2236,2248 ----
  	    kill_cleanups_for_fd (pconf, scoreboard_fd);
  	}
  #endif
! 	if(!bFirst)
! 	    {
! 	    clear_pool (pconf);
! 	    ptrans = make_sub_pool (pconf);
  
! 	    server_conf = read_config (pconf, ptrans, server_confname); 
! 	    }
  
  	if (listeners == NULL) {
  	    if (!is_graceful) {
***************
*** 2263,2269 ****
  	    sd = -1;
  	}
  
! 	init_modules (pconf, server_conf);
  	open_logs (server_conf, pconf);
  	set_group_privs ();
  	accept_mutex_init (pconf);
--- 2277,2295 ----
  	    sd = -1;
  	}
  
! 	if(!bFirst)
! 	    init_modules (pconf, server_conf);
! 	else
! 	    bFirst=FALSE;
! 	/* This just gets nastier and nastier, but I see little point in
! 	   trying to fix it before 2.0. Ben 25/1/98
! 	   BTW, the reason you have to do this is so that gcache is in the same
! 	   process group as Apache, so it dies when we do.
! 	   Hmmm ... so that means that log processes are not working right with
! 	   Apache-SSL. Arggg. Need a better way to do this.
! 	 */
! 	LaunchGlobalCache(pconf);
! 
  	open_logs (server_conf, pconf);
  	set_group_privs ();
  	accept_mutex_init (pconf);
***************
*** 2277,2283 ****
  	}
  #endif
  
! 	default_server_hostnames (server_conf);
  
  	set_signals ();
  	log_pid (pconf, pid_fname);
--- 2303,2309 ----
  	}
  #endif
  
! 	/*	default_server_hostnames (server_conf);*/
  
  	set_signals ();
  	log_pid (pconf, pid_fname);
***************
*** 2492,2498 ****
      init_modules (pconf, server_conf);
      
      if(standalone) {
!         clear_pool (pconf);	/* standalone_main rereads... */
          standalone_main(argc, argv);
      }
      else {
--- 2518,2524 ----
      init_modules (pconf, server_conf);
      
      if(standalone) {
!     /*        clear_pool (pconf);	/* standalone_main rereads... */
          standalone_main(argc, argv);
      }
      else {
diff -C3 -r ../apache_1.2.6/src/http_protocol.c ./src/http_protocol.c
*** ../apache_1.2.6/src/http_protocol.c	Tue Feb  3 09:53:49 1998
--- ./src/http_protocol.c	Fri Mar 27 18:12:46 1998
***************
*** 556,563 ****
    server_addr_rec * sar;
  
    /* This routine parses full URLs, if they match the server */
!   if (strncasecmp(uri, "http://", 7)) return uri;
!   name = pstrdup(r->pool, uri + 7);
    
    /* Find the hostname, assuming a valid request */
    i = ind(name, '/');
--- 556,567 ----
    server_addr_rec * sar;
  
    /* This routine parses full URLs, if they match the server */
!   char *method=http_method(r);
!   int mlen=strlen(method);
! 
!   if(strncasecmp(uri,method,mlen) || strncmp(uri+mlen,"://",3))
!       return uri;
!   name = pstrdup(r->pool, uri + mlen+3);
    
    /* Find the hostname, assuming a valid request */
    i = ind(name, '/');
***************
*** 566,572 ****
    /* Find the port */
    host = getword_nc(r->pool, &name, ':');
    if (*name) port = atoi(name);
!   else port = 80;
  
    /* Make sure ports patch */
    if (port != r->server->port) {
--- 570,576 ----
    /* Find the port */
    host = getword_nc(r->pool, &name, ':');
    if (*name) port = atoi(name);
!   else port=default_port(r);
  
    /* Make sure ports patch */
    if (port != r->server->port) {
***************
*** 579,585 ****
  
    /* Save it for later use */
    r->hostname = pstrdup(r->pool, host);
!   r->hostlen = 7 + i;
  
    /* The easy cases first */
    if (!strcasecmp(host, r->server->server_hostname)) {
--- 583,589 ----
  
    /* Save it for later use */
    r->hostname = pstrdup(r->pool, host);
!   r->hostlen = mlen+3 + i;
  
    /* The easy cases first */
    if (!strcasecmp(host, r->server->server_hostname)) {
***************
*** 694,700 ****
  {
    const char *hostname=r->hostname;
    char *host = getword(r->pool, &hostname, ':');	/* Get rid of port */
!   unsigned port = (*hostname) ? atoi(hostname) : 80;
    server_rec *s = r->server;
    server_addr_rec * sar;
    int l;
--- 698,704 ----
  {
    const char *hostname=r->hostname;
    char *host = getword(r->pool, &hostname, ':');	/* Get rid of port */
!   unsigned port = (*hostname) ? atoi(hostname) : default_port(r);
    server_rec *s = r->server;
    server_addr_rec * sar;
    int l;
diff -C3 -r ../apache_1.2.6/src/httpd.h ./src/httpd.h
*** ../apache_1.2.6/src/httpd.h	Thu Feb 19 07:42:59 1998
--- ./src/httpd.h	Fri Mar 27 18:08:12 1998
***************
*** 99,107 ****
   */
  
  
! /* -------------- Port number for server running standalone --------------- */
! 
! #define DEFAULT_PORT 80
  
  /* --------- Default user name and group name running standalone ---------- */
  /* --- These may be specified as numbers by placing a # before a number --- */
--- 99,117 ----
   */
  
  
! /* -------------- Port number and protocol for server running standalone -- */
! #ifdef APACHE_SSL
! #define HTTP_PORT	80
! #define HTTPS_PORT	443
! #define default_port(r)		((r)->connection->client->ssl ? HTTPS_PORT : HTTP_PORT)
! #define is_default_port(port,r)	((port) == default_port(r))
! #define http_method(r)		((r)->connection->client->ssl ? "https" : "http")
! #else
! #define	DEFAULT_PORT	80
! #define	default_port(r)		DEFAULT_PORT
! #define is_default_port(port,r)	((port) == DEFAULT_PORT)
! #define http_method(r)	"http"
! #endif
  
  /* --------- Default user name and group name running standalone ---------- */
  /* --- These may be specified as numbers by placing a # before a number --- */
***************
*** 274,280 ****
--- 284,294 ----
   * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
   */
  
+ #ifdef APACHE_SSL
+ #define SERVER_BASEVERSION "Apache/1.2.6 Ben-SSL/1.15" /* SEE COMMENTS ABOVE */
+ #else
  #define SERVER_BASEVERSION "Apache/1.2.6" /* SEE COMMENTS ABOVE */
+ #endif
  #ifdef SERVER_SUBVERSION
  #define SERVER_VERSION	SERVER_BASEVERSION " " SERVER_SUBVERSION
  #else
***************
*** 598,603 ****
--- 612,626 ----
  #define DEFAULT_VHOST_ADDR 0xfffffffful
  
  typedef struct server_addr_rec server_addr_rec;
+ 
+ typedef unsigned int BOOL;
+ #define TRUE 		1
+ #define FALSE 		0
+ 
+ #ifdef APACHE_SSL
+ int ApacheSSLSetupConnection(conn_rec *conn);
+ void LaunchGlobalCache(pool *pPool);
+ #endif
  struct server_addr_rec {
      server_addr_rec *next;
      struct in_addr host_addr;	/* The bound address, for this server */
***************
*** 698,705 ****
  char *os_escape_path(pool *p,const char *path,int partial);
  #define escape_uri(ppool,path) os_escape_path(ppool,path,1)
  extern char *escape_html(pool *p, const char *s);
! char *construct_server(pool *p, const char *hostname, unsigned port);
! char *construct_url (pool *p, const char *path, const server_rec *s);     
  char *escape_shell_cmd (pool *p, const char *s);
       
  int count_dirs(const char *path);
--- 721,728 ----
  char *os_escape_path(pool *p,const char *path,int partial);
  #define escape_uri(ppool,path) os_escape_path(ppool,path,1)
  extern char *escape_html(pool *p, const char *s);
! char *construct_server(pool *p, const char *hostname, unsigned port, const request_rec *r);
! char *construct_url (pool *p, const char *path, const request_rec *r);
  char *escape_shell_cmd (pool *p, const char *s);
       
  int count_dirs(const char *path);
diff -C3 -r ../apache_1.2.6/src/md5.h ./src/md5.h
*** ../apache_1.2.6/src/md5.h	Wed Jan  1 18:10:23 1997
--- ./src/md5.h	Fri Mar 27 18:06:40 1998
***************
*** 91,99 ****
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } MD5_CTX;
  
! extern void MD5Init(MD5_CTX *context);
! extern void MD5Update(MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void MD5Final(unsigned char digest[16], MD5_CTX *context);
--- 91,99 ----
    UINT4 state[4];                                   /* state (ABCD) */
    UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
    unsigned char buffer[64];                         /* input buffer */
! } APACHE_MD5_CTX;
  
! extern void MD5Init(APACHE_MD5_CTX *context);
! extern void MD5Update(APACHE_MD5_CTX *context, const unsigned char *input,
  		      unsigned int inputLen);
! extern void MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context);
diff -C3 -r ../apache_1.2.6/src/md5c.c ./src/md5c.c
*** ../apache_1.2.6/src/md5c.c	Wed Jan  1 18:10:24 1997
--- ./src/md5c.c	Fri Mar 27 18:06:40 1998
***************
*** 158,164 ****
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! MD5Init(MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
--- 158,164 ----
  /* MD5 initialization. Begins an MD5 operation, writing a new context.
   */
  void
! MD5Init(APACHE_MD5_CTX *context)
  {
      context->count[0] = context->count[1] = 0;
    /* Load magic initialization constants. */
***************
*** 173,179 ****
    context.
   */
  void
! MD5Update(MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
--- 173,179 ----
    context.
   */
  void
! MD5Update(APACHE_MD5_CTX *context, const unsigned char *input, unsigned int inputLen)
  {
      unsigned int i, index, partLen;
  
***************
*** 209,215 ****
    the message digest and zeroizing the context.
   */
  void
! MD5Final(unsigned char digest[16], MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
--- 209,215 ----
    the message digest and zeroizing the context.
   */
  void
! MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context)
  {
      unsigned char bits[8];
      unsigned int index, padLen;
diff -C3 -r ../apache_1.2.6/src/mod_auth.c ./src/mod_auth.c
*** ../apache_1.2.6/src/mod_auth.c	Thu Apr 24 10:16:54 1997
--- ./src/mod_auth.c	Fri Mar 27 18:06:40 1998
***************
*** 70,76 ****
--- 70,82 ----
  #include "http_log.h"
  #include "http_protocol.h"
  #if defined(HAVE_CRYPT_H)
+ #if defined(APACHE_SSL)
+ #define des_encrypt	BASE_des_encrypt
  #include <crypt.h>
+ #undef des_encrypt
+ #else
+ #include <crypt.h>
+ #endif /* APACHE_SSL */
  #endif
  
  typedef struct auth_config_struct {
diff -C3 -r ../apache_1.2.6/src/mod_dir.c ./src/mod_dir.c
*** ../apache_1.2.6/src/mod_dir.c	Sun Feb  1 02:47:40 1998
--- ./src/mod_dir.c	Fri Mar 27 18:06:41 1998
***************
*** 810,816 ****
  			 "/", NULL);
  
  	table_set (r->headers_out, "Location",
! 		   construct_url(r->pool, ifile, r->server)); 
  	return HTTP_MOVED_PERMANENTLY;
      }
  
--- 810,816 ----
  			 "/", NULL);
  
  	table_set (r->headers_out, "Location",
! 		   construct_url(r->pool, ifile, r)); 
  	return HTTP_MOVED_PERMANENTLY;
      }
  
diff -C3 -r ../apache_1.2.6/src/mod_imap.c ./src/mod_imap.c
*** ../apache_1.2.6/src/mod_imap.c	Fri Jan 30 09:14:05 1998
--- ./src/mod_imap.c	Fri Mar 27 18:06:41 1998
***************
*** 382,388 ****
      char *my_base;
  
      if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) {
! 	return construct_url(r->pool, r->uri, r->server);
      }
  
      if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) {
--- 382,388 ----
      char *my_base;
  
      if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) {
! 	return construct_url(r->pool, r->uri, r);
      }
  
      if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) {
***************
*** 418,424 ****
  	    return pstrdup(r->pool, value); /* no base: use what is given */
          }
  	/* no base, no value: pick a simple default */
! 	return construct_url(r->pool, "/", r->server);
      }
  
      /* must be a relative URL to be combined with base */
--- 418,424 ----
  	    return pstrdup(r->pool, value); /* no base: use what is given */
          }
  	/* no base, no value: pick a simple default */
! 	return construct_url(r->pool, "/", r);
      }
  
      /* must be a relative URL to be combined with base */
diff -C3 -r ../apache_1.2.6/src/mod_log_config.c ./src/mod_log_config.c
*** ../apache_1.2.6/src/mod_log_config.c	Sun May  4 20:47:47 1997
--- ./src/mod_log_config.c	Fri Mar 27 18:06:41 1998
***************
*** 118,123 ****
--- 118,132 ----
   * %...l:  remote logname (from identd, if supplied)
   * %...{Foobar}n:  The contents of note "Foobar" from another module.
   * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+  *
+  * Additional SSL directives:
+  *
+  * %...{cipher}c:  cipher used (SSL_get_cipher)
+  * %...{clientcert}c: client certificate information
+  * %...{errcode}c: X509 verify error code
+  * %...{errstr}c: X509 verify error string
+  * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+  *
   * %...p:  the port the request was served to
   * %...P:  the process ID of the child that serviced the request.
   * %...r:  first line of request
***************
*** 162,167 ****
--- 171,180 ----
  #include "http_config.h"
  #include "http_core.h" /* For REMOTE_NAME */
  
+ #ifdef APACHE_SSL
+ #include <crypto.h>
+ #endif
+ 
  module config_log_module;
  
  static int xfer_flags = ( O_WRONLY | O_APPEND | O_CREAT );
***************
*** 340,345 ****
--- 353,363 ----
      ap_snprintf(pidnum, sizeof(pidnum), "%ld", (long)getpid());
      return pstrdup(r->pool, pidnum);
  }
+ 
+ #ifdef APACHE_SSL
+ extern char *log_ssl_info(request_rec *r, char *a);
+ #endif
+ 
  /*****************************************************************
   *
   * Parsing the log format string
***************
*** 367,372 ****
--- 385,393 ----
      { 'v', log_virtual_host, 0 },
      { 'p', log_server_port, 0 },
      { 'P', log_child_pid, 0 },
+ #ifdef APACHE_SSL
+     { 'c', log_ssl_info, 0 },
+ #endif
      { '\0' }
  };
  
***************
*** 487,492 ****
--- 508,560 ----
      return a;
  }
  
+ #ifdef APACHE_SSL
+ char *log_ssl_info(request_rec *r, char *a)
+     {
+     char str[MAX_STRING_LEN];
+ 
+     if(!r->connection->client->ssl)
+ 	return NULL;
+ 
+     if(!strcmp(a, "cipher"))
+ 	return SSL_get_cipher(r->connection->client->ssl);
+ 
+     if(!strcmp(a, "clientcert"))
+ 	return r->connection->client->szClientX509;
+ 
+     if(!strcmp(a, "errcode"))
+ 	if(r->connection->client->nVerifyError)
+ 	    {
+ 	    sprintf(str, "%d", r->connection->client->nVerifyError);
+ 	    return pstrdup(r->pool,str);
+ 	    }
+ 	else
+ 	    return NULL;
+ 
+     if(!strcmp(a, "errstr"))
+ 	if(r->connection->client->nVerifyError)
+ #if SSLEAY_VERSION_NUMBER < 0x0800
+ 	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+ #else
+ 	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+ #endif
+ 	else
+ 	    return NULL;
+ 
+ #if SSLEAY_VERSION_NUMBER >= 0x0800
+     if(!strcmp(a, "version"))
+ 	{
+ 	static char v[2];
+ 
+ 	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+ 	v[1]='\0';
+ 	return v;
+ 	}
+ #endif
+     
+     return NULL;
+ }
+ #endif
  /*****************************************************************
   *
   * Actually logging.
diff -C3 -r ../apache_1.2.6/src/mod_rewrite.c ./src/mod_rewrite.c
*** ../apache_1.2.6/src/mod_rewrite.c	Sat Feb 14 02:51:37 1998
--- ./src/mod_rewrite.c	Fri Mar 27 18:06:41 1998
***************
*** 885,896 ****
  
      /* add the canonical URI of this URL */
      thisserver = r->server->server_hostname;
! #ifdef APACHE_SSL
!     if (((!r->connection->client->ssl) && (r->server->port == DEFAULT_PORT)) ||
!          ((r->connection->client->ssl) && (r->server->port == 443)))
! #else
!     if (r->server->port == DEFAULT_PORT)
! #endif 
          thisport = "";
      else {
          ap_snprintf(buf, sizeof(buf), ":%u", r->server->port);
--- 885,891 ----
  
      /* add the canonical URI of this URL */
      thisserver = r->server->server_hostname;
!     if(is_default_port(r->server->port,r))
          thisport = "";
      else {
          ap_snprintf(buf, sizeof(buf), ":%u", r->server->port);
***************
*** 1659,1670 ****
                 && !(strlen(r->filename) > 6 &&
                      strncasecmp(r->filename, "ftp://", 6) == 0)    ) {
  
! #ifdef APACHE_SSL
!                 if ((!r->connection->client->ssl && r->server->port == DEFAULT_PORT) ||
!                     ( r->connection->client->ssl && r->server->port == 443)  )
! #else
!                 if (r->server->port == DEFAULT_PORT)
! #endif
                      port[0] = '\0';
                  else 
                      ap_snprintf(port, sizeof(port), ":%u", r->server->port);
--- 1654,1660 ----
                 && !(strlen(r->filename) > 6 &&
                      strncasecmp(r->filename, "ftp://", 6) == 0)    ) {
  
! 	        if(is_default_port(r->server->port,r))
                      port[0] = '\0';
                  else 
                      ap_snprintf(port, sizeof(port), ":%u", r->server->port);
***************
*** 1912,1918 ****
              EOS_PARANOIA(host);
              *cp = '/';
              /* set port */
!             port = DEFAULT_PORT;
              /* set remaining url */
              url = cp;
          }
--- 1902,1908 ----
              EOS_PARANOIA(host);
              *cp = '/';
              /* set port */
!             port = default_port(r);
              /* set remaining url */
              url = cp;
          }
***************
*** 1921,1927 ****
              strncpy(host, hostp, sizeof(host)-1);
              EOS_PARANOIA(host);
              /* set port */
!             port = DEFAULT_PORT;
              /* set remaining url */
              url = "/";
          }
--- 1911,1917 ----
              strncpy(host, hostp, sizeof(host)-1);
              EOS_PARANOIA(host);
              /* set port */
!             port = default_port(r);
              /* set remaining url */
              url = "/";
          }
diff -C3 -r ../apache_1.2.6/src/modules/proxy/proxy_util.c ./src/modules/proxy/proxy_util.c
*** ../apache_1.2.6/src/modules/proxy/proxy_util.c	Fri Jan 30 09:14:28 1998
--- ./src/modules/proxy/proxy_util.c	Fri Mar 27 18:06:42 1998
***************
*** 555,561 ****
  void
  proxy_hash(const char *it, char *val,int ndepth,int nlength)
  {
!     MD5_CTX context;
      unsigned char digest[16];
      char tmp[22];
      int i, k, d;
--- 555,561 ----
  void
  proxy_hash(const char *it, char *val,int ndepth,int nlength)
  {
!     APACHE_MD5_CTX context;
      unsigned char digest[16];
      char tmp[22];
      int i, k, d;
diff -C3 -r ../apache_1.2.6/src/util.c ./src/util.c
*** ../apache_1.2.6/src/util.c	Sun Feb  1 02:47:42 1998
--- ./src/util.c	Fri Mar 27 18:06:42 1998
***************
*** 796,806 ****
      else return OK;
  }
  
! char *construct_server(pool *p, const char *hostname, unsigned port) {
!     char portnum[22];		
  	/* Long enough, even if port > 16 bits for some reason */
    
!     if (port == DEFAULT_PORT)
  	return (char *)hostname;
      else {
          ap_snprintf (portnum, sizeof(portnum), "%u", port);
--- 796,807 ----
      else return OK;
  }
  
! char *construct_server(pool *p, const char *hostname, unsigned port, const request_rec *r) {
!     char portnum[22];
  	/* Long enough, even if port > 16 bits for some reason */
+     server_rec *s=r->server;
    
!     if (is_default_port(port, r))
  	return (char *)hostname;
      else {
          ap_snprintf (portnum, sizeof(portnum), "%u", port);
***************
*** 808,816 ****
      }
  }
  
! char *construct_url(pool *p, const char *uri, const server_rec *s) {
!     return pstrcat (p, "http://",
! 		    construct_server(p, s->server_hostname, s->port),
  		    uri, NULL);
  }
  
--- 809,818 ----
      }
  }
  
! char *construct_url(pool *p, const char *uri, const request_rec *r) {
!     server_rec *s=r->server;
!     return pstrcat (p, http_method(r), "://",
! 		    construct_server(p, s->server_hostname, s->port, r),
  		    uri, NULL);
  }
  
diff -C3 -r ../apache_1.2.6/src/util_md5.c ./src/util_md5.c
*** ../apache_1.2.6/src/util_md5.c	Wed Jan  1 18:10:46 1997
--- ./src/util_md5.c	Fri Mar 27 18:06:42 1998
***************
*** 84,90 ****
  
  char *md5 (pool *p, unsigned char *string)
  {
!     MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
--- 84,90 ----
  
  char *md5 (pool *p, unsigned char *string)
  {
!     APACHE_MD5_CTX my_md5;
      unsigned char hash[16];
      char *r, result[33];
      int i;
***************
*** 149,155 ****
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
--- 149,155 ----
  static char basis_64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  
! char *md5contextTo64(pool *a, APACHE_MD5_CTX *context)
  {
      unsigned char digest[18];
      char *encodedDigest;
***************
*** 176,182 ****
  
  char *md5digest(pool *p, FILE *infile)
  {
!     MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
--- 176,182 ----
  
  char *md5digest(pool *p, FILE *infile)
  {
!     APACHE_MD5_CTX context;
      unsigned char buf[1000];
      long length = 0;
      int nbytes;
diff -C3 -r ../apache_1.2.6/src/util_md5.h ./src/util_md5.h
*** ../apache_1.2.6/src/util_md5.h	Wed Jan  1 18:10:46 1997
--- ./src/util_md5.h	Fri Mar 27 18:06:42 1998
***************
*** 53,58 ****
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);
  
--- 53,58 ----
  #include "md5.h"
  
  char *md5(pool *a, unsigned char *string);
! char *md5contextTo64(pool *p, APACHE_MD5_CTX *context);
  char *md5digest(pool *p, FILE *infile);
  
