diff -u -r ../apache_1.3.0/src/Configuration ./src/Configuration
--- ../apache_1.3.0/src/Configuration	Mon Jun  1 22:26:55 1998
+++ ./src/Configuration	Sat Jun 20 20:02:21 1998
@@ -47,7 +47,7 @@
 # these for compiling Apache is risky. If you don't want to see Apache dumping
 # core regularly then at most use -O or -O2.
 #
-EXTRA_CFLAGS=
+EXTRA_CFLAGS= -w3 -v -g
 EXTRA_LDFLAGS=
 EXTRA_LIBS=
 EXTRA_INCLUDES=
@@ -56,6 +56,20 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/u/ben/apache/SSLeay-0.9.0-ben
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+
 ################################################################
 # Dynamic Shared Object (DSO) support
 #
@@ -182,6 +196,11 @@
 # the more modules you compile into the server, the larger the executable
 # is and the more memory it will take, so if you are unlikely to use the
 # functionality of a particular module you might wish to leave it out.
+
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
 
 ##
 ## Config manipulation modules
diff -u -r ../apache_1.3.0/src/Configuration.tmpl ./src/Configuration.tmpl
--- ../apache_1.3.0/src/Configuration.tmpl	Tue May 12 12:13:50 1998
+++ ./src/Configuration.tmpl	Tue Jun 16 21:38:21 1998
@@ -56,6 +56,20 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/u/ben/apache/SSLeay-0.9.0-ben
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+
 ################################################################
 # Dynamic Shared Object (DSO) support
 #
@@ -182,6 +196,11 @@
 # the more modules you compile into the server, the larger the executable
 # is and the more memory it will take, so if you are unlikely to use the
 # functionality of a particular module you might wish to leave it out.
+
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
 
 ##
 ## Config manipulation modules
diff -u -r ../apache_1.3.0/src/Configure ./src/Configure
--- ../apache_1.3.0/src/Configure	Tue May 12 12:13:50 1998
+++ ./src/Configure	Tue Jun 16 21:51:33 1998
@@ -1563,12 +1563,12 @@
 ####################################################################
 ## Continue building Makefile.config.
 ##
-echo "CFLAGS1=$CFLAGS">> Makefile.config
+echo "CFLAGS1=$CFLAGS \$(SSL_CFLAGS)">> Makefile.config
 echo "OSDIR=\$(SRCDIR)/$OSDIR">> Makefile.config
 echo "INCDIR=\$(SRCDIR)/include" >>Makefile.config
-echo "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)">> Makefile.config
+echo "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR) \$(SSL_INCLUDE)">> Makefile.config
 echo "INCLUDES1=$INCLUDES">> Makefile.config
-echo "LIBS1=$LIBS">> Makefile.config
+echo "LIBS1=$LIBS \$(SSL_LIBS)">> Makefile.config
 echo "LDFLAGS1=$LDFLAGS">> Makefile.config
 echo "MFLAGS_STATIC=$MFLAGS_STATIC">> Makefile.config
 echo "REGLIB=$REGLIB">> Makefile.config
diff -u -r ../apache_1.3.0/src/Makefile.tmpl ./src/Makefile.tmpl
--- ../apache_1.3.0/src/Makefile.tmpl	Fri May 22 06:56:56 1998
+++ ./src/Makefile.tmpl	Sat Jun 20 19:47:26 1998
@@ -25,6 +25,13 @@
 
 $(TARGET): $(SUBTARGET)
 
+certificate:
+	$(SSL_APP_DIR)/ssleay req -config ../SSLconf/conf/ssleay.cnf \
+	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+	-keyout ../SSLconf/conf/httpsd.pem; \
+	ln -sf ../SSLconf/conf/httpsd.pem ../SSLconf/conf/`$(SSL_APP_DIR)/ssleay \
+	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
+
 target_static: subdirs modules.o
 	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
diff -u -r ../apache_1.3.0/src/include/buff.h ./src/include/buff.h
--- ../apache_1.3.0/src/include/buff.h	Thu May 28 22:09:46 1998
+++ ./src/include/buff.h	Tue Jun 16 19:03:54 1998
@@ -68,6 +68,11 @@
 
 #include <stdarg.h>
 
+#ifdef APACHE_SSL
+# include <stdio.h>
+# include <ssl.h>
+#endif
+
 /* Reading is buffered */
 #define B_RD     (1)
 /* Writing is buffered */
@@ -127,6 +132,14 @@
 #ifdef B_SFIO
     Sfio_t *sf_in;
     Sfio_t *sf_out;
+#endif
+
+
+#ifdef APACHE_SSL
+    /* Add some context for SSL */
+    SSL *ssl;
+    char *szClientX509;
+    int nVerifyError;
 #endif
 };
 
diff -u -r ../apache_1.3.0/src/include/conf.h ./src/include/conf.h
--- ../apache_1.3.0/src/include/conf.h	Fri May 29 00:15:56 1998
+++ ./src/include/conf.h	Tue Jun 16 18:40:44 1998
@@ -1166,6 +1166,10 @@
 extern double difftime(time_t time1, time_t time0);
 #endif
 
+#ifdef APACHE_SSL
+# define NO_WRITEV
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff -u -r ../apache_1.3.0/src/include/httpd.h ./src/include/httpd.h
--- ../apache_1.3.0/src/include/httpd.h	Mon Jun  1 22:18:43 1998
+++ ./src/include/httpd.h	Sat Jun 20 19:33:12 1998
@@ -66,6 +66,11 @@
  * httpd.h: header for simple (ha! not anymore) http daemon
  */
 
+/* Needed all over the place */
+typedef unsigned int BOOL;
+#define TRUE 		1
+#define FALSE 		0
+
 /* Headers in which EVERYONE has an interest... */
 
 #include "conf.h"
@@ -129,8 +134,13 @@
 #define DEFAULT_HTTP_PORT	80
 #define DEFAULT_HTTPS_PORT	443
 #define ap_is_default_port(port,r)	((port) == ap_default_port(r))
-#define ap_http_method(r)	"http"
-#define ap_default_port(r)	DEFAULT_HTTP_PORT
+#ifdef APACHE_SSL
+# define ap_http_method(r)	((r)->connection->client->ssl ? "https" : "http")
+# define ap_default_port(r)	((r)->connection->client->ssl ? DEFAULT_HTTPS_PORT : DEFAULT_HTTP_PORT)
+#else
+# define ap_http_method(r)	"http"
+# define ap_default_port(r)	DEFAULT_HTTP_PORT
+#endif
 
 /* --------- Default user name and group name running standalone ---------- */
 /* --- These may be specified as numbers by placing a # before a number --- */
@@ -382,7 +392,11 @@
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
  */
 
+#ifdef APACHE_SSL
+#define SERVER_BASEVERSION "Apache/1.3.0 Ben-SSL/1.18"	/* SEE COMMENTS ABOVE */
+#else
 #define SERVER_BASEVERSION "Apache/1.3.0"	/* SEE COMMENTS ABOVE */
+#endif
 #define SERVER_VERSION  SERVER_BASEVERSION
 enum server_token_type {
     SrvTk_MIN,		/* eg: Apache/1.3.0 */
@@ -764,6 +778,10 @@
 #define DEFAULT_VHOST_ADDR 0xfffffffful
 
 typedef struct server_addr_rec server_addr_rec;
+
+#ifdef APACHE_SSL
+int ApacheSSLSetupConnection(conn_rec *conn);
+#endif
 struct server_addr_rec {
     server_addr_rec *next;
     struct in_addr host_addr;	/* The bound address, for this server */
diff -u -r ../apache_1.3.0/src/main/Makefile.tmpl ./src/main/Makefile.tmpl
--- ../apache_1.3.0/src/main/Makefile.tmpl	Fri May 29 18:20:54 1998
+++ ./src/main/Makefile.tmpl	Tue Jun 16 18:34:59 1998
@@ -14,7 +14,7 @@
       md5c.o rfc1413.o fnmatch.o
 
 .c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
+	$(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $<
 
 all: $(HEADERS) $(LIB)
 
diff -u -r ../apache_1.3.0/src/main/buff.c ./src/main/buff.c
--- ../apache_1.3.0/src/main/buff.c	Sat May 16 16:34:48 1998
+++ ./src/main/buff.c	Tue Jun 16 20:11:38 1998
@@ -242,6 +242,11 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	rv=SSL_read(fb->ssl,buf,nbyte);
+    else
+#endif
 	rv = read(fb->fd_in, buf, nbyte);
     
     return rv;
@@ -277,6 +282,11 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	rv=SSL_write(fb->ssl,buf,nbyte);
+    else
+#endif
 #if defined (B_SFIO)
 	rv = sfwrite(fb->sf_out, buf, nbyte);
 #else
@@ -367,6 +377,11 @@
 		       (size_t) SF_UNBOUND, 1, SF_WRITE);
 #endif
 
+#ifdef APACHE_SSL
+    fb->ssl = NULL;
+    fb->szClientX509 = NULL;
+#endif
+
     return fb;
 }
 
@@ -1089,7 +1104,7 @@
 	return write_with_errors(fb, buf, nbyte);
     }
 
-#ifdef NO_WRITEV
+#if defined(NO_WRITEV)
     /* without writev() this has poor performance, too bad */
 
     ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
@@ -1425,6 +1440,13 @@
     fb->flags |= B_EOF | B_EOUT;
     fb->fd = -1;
     fb->fd_in = -1;
+
+#ifdef APACHE_SSL
+    if (fb->ssl) {
+	SSL_free(fb->ssl);
+	fb->ssl = NULL;
+    }
+#endif
 
 #ifdef B_SFIO
     sfclose(fb->sf_in);
diff -u -r ../apache_1.3.0/src/main/http_main.c ./src/main/http_main.c
--- ../apache_1.3.0/src/main/http_main.c	Fri May 29 08:18:49 1998
+++ ./src/main/http_main.c	Tue Jun 16 20:13:37 1998
@@ -3235,16 +3235,6 @@
     (void) set42sig();
 #endif
 
-#ifdef SecureWare
-    if (set_auth_parameters(argc, argv) < 0)
-	perror("set_auth_parameters");
-    if (getluid() < 0)
-	if (setluid(getuid()) < 0)
-	    perror("setluid");
-    if (setreuid(0, 0) < 0)
-	perror("setreuid");
-#endif
-
 #ifdef WIN32
     /* Initialize the stupid sockets */
     AMCSocketInitialize();
@@ -3607,6 +3597,16 @@
 				          (struct sockaddr_in *) &sa_server,
 				          my_child_num);
 
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
+
 	/*
 	 * Read and process each request found on our connection
 	 * until no requests are left or we decide to close.
@@ -4016,6 +4016,7 @@
 	ap_set_version();	/* create our server_version string */
 	ap_init_modules(pconf, server_conf);
 	version_locked++;	/* no more changes to server_version */
+
 	SAFE_ACCEPT(accept_mutex_init(pconf));
 	if (!is_graceful) {
 	    reinit_scoreboard(pconf);
@@ -4205,6 +4206,16 @@
 {
     int c;
 
+#ifdef SecureWare
+    if (set_auth_parameters(argc, argv) < 0)
+	perror("set_auth_parameters");
+    if (getluid() < 0)
+	if (setluid(getuid()) < 0)
+	    perror("setluid");
+    if (setreuid(0, 0) < 0)
+	perror("setreuid");
+#endif
+
 #ifdef SOCKS
     SOCKSinit(argv[0]);
 #endif
@@ -4664,6 +4675,16 @@
 				          (struct sockaddr_in *) &sa_client,
 				          (struct sockaddr_in *) &sa_server,
 				          child_num);
+
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
 
 	/*
 	 * Read and process each request found on our connection
diff -u -r ../apache_1.3.0/src/modules/standard/mod_auth.c ./src/modules/standard/mod_auth.c
--- ../apache_1.3.0/src/modules/standard/mod_auth.c	Sat Apr 11 12:00:44 1998
+++ ./src/modules/standard/mod_auth.c	Tue Jun 16 19:20:17 1998
@@ -75,7 +75,13 @@
 #include "http_log.h"
 #include "http_protocol.h"
 #if defined(HAVE_CRYPT_H)
+#if defined(APACHE_SSL)
+#define des_encrypt	BASE_des_encrypt
 #include <crypt.h>
+#undef des_encrypt
+#else
+#include <crypt.h>
+#endif /* APACHE_SSL */
 #endif
 
 typedef struct auth_config_struct {
diff -u -r ../apache_1.3.0/src/modules/standard/mod_log_config.c ./src/modules/standard/mod_log_config.c
--- ../apache_1.3.0/src/modules/standard/mod_log_config.c	Fri May 29 08:18:51 1998
+++ ./src/modules/standard/mod_log_config.c	Tue Jun 16 20:15:55 1998
@@ -127,6 +127,15 @@
  * %...l:  remote logname (from identd, if supplied)
  * %...{Foobar}n:  The contents of note "Foobar" from another module.
  * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+ *
+ * Additional SSL directives:
+ *
+ * %...{cipher}c:  cipher used (SSL_get_cipher)
+ * %...{clientcert}c: client certificate information
+ * %...{errcode}c: X509 verify error code
+ * %...{errstr}c: X509 verify error string
+ * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+ *
  * %...p:  the port the request was served to
  * %...P:  the process ID of the child that serviced the request.
  * %...r:  first line of request
@@ -173,6 +182,10 @@
 #include "http_log.h"
 #include <limits.h>
 
+#ifdef APACHE_SSL
+#include <crypto.h>
+#endif
+
 module MODULE_VAR_EXPORT config_log_module;
 
 static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
@@ -418,6 +431,10 @@
     return ap_psprintf(r->pool, "%ld", (long) getpid());
 }
 
+#ifdef APACHE_SSL
+extern char *log_ssl_info(request_rec *r, char *a);
+#endif
+
 /*****************************************************************
  *
  * Parsing the log format string
@@ -483,6 +500,9 @@
     {
         'P', log_child_pid, 0
     },
+#ifdef APACHE_SSL
+    { 'c', log_ssl_info, 0 },
+#endif
     {
         '\0'
     }
@@ -628,6 +648,71 @@
     parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
     return a;
 }
+
+#ifdef APACHE_SSL
+char *log_ssl_info(request_rec *r, char *a)
+    {
+    char str[MAX_STRING_LEN];
+
+    if(!r->connection->client->ssl)
+	return NULL;
+
+    if(!strcmp(a, "cipher"))
+	return SSL_get_cipher(r->connection->client->ssl);
+
+    if(!strcmp(a, "clientcert"))
+	return r->connection->client->szClientX509;
+
+    if(!strcmp(a, "errcode"))
+	if(r->connection->client->nVerifyError)
+	    {
+	    sprintf(str, "%d", r->connection->client->nVerifyError);
+	    return ap_pstrdup(r->pool,str);
+	    }
+	else
+	    return NULL;
+
+    if(!strcmp(a, "errstr"))
+	if(r->connection->client->nVerifyError)
+#if SSLEAY_VERSION_NUMBER < 0x0800
+	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+#else
+	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+#endif
+	else
+	    return NULL;
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+    if(!strcmp(a, "version"))
+	{
+#if SSLEAY_VERSION_NUMBER >= 0x0900
+	switch(r->connection->client->ssl->session->ssl_version)
+	    {
+	case TLS1_VERSION:
+	    return "TLS1";
+
+	case SSL3_VERSION:
+	    return "SSL3";
+
+	case SSL2_VERSION:
+	    return "SSL2";
+
+	default:
+	    return "?";
+	    }
+#else
+	static char v[2];
+
+	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+	v[1]='\0';
+	return v;
+#endif
+	}
+#endif
+    
+    return NULL;
+}
+#endif
 
 /*****************************************************************
  *
diff -u -r ../apache_1.3.0/src/support/suexec.c ./src/support/suexec.c
--- ../apache_1.3.0/src/support/suexec.c	Tue Apr 21 20:14:06 1998
+++ ./src/support/suexec.c	Tue Jun 16 18:19:54 1998
@@ -209,7 +209,8 @@
     }
 
     for (ep = environ; *ep && cidx < AP_ENVBUF; ep++) {
-	if (!strncmp(*ep, "HTTP_", 5)) {
+	if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+	    || !strncmp(*ep,"SSL_",4)) {
 	    cleanenv[cidx] = *ep;
 	    cidx++;
 	}
