diff -u -r ../apache_1.3.12/Makefile.tmpl ./Makefile.tmpl
--- ../apache_1.3.12/Makefile.tmpl	Tue Jan 11 19:47:41 2000
+++ ./Makefile.tmpl	Sat Mar  4 12:57:46 2000
@@ -286,6 +286,7 @@
 #   shared object files.
 install-programs:
 	@echo "===> [programs: Installing Apache $(TARGET) program and shared objects]"
+	$(INSTALL_PROGRAM) $(TOP)/$(SRC)/modules/ssl/gcache $(root)$(sbindir)/gcache
 	-@if [ ".`grep '^[ 	]*AddModule.*mod_so\.o' $(TOP)/$(SRC)/Configuration.apaci`" != . ]; then \
 		echo "$(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET)"; \
 		$(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET); \
diff -u -r ../apache_1.3.12/configure ./configure
--- ../apache_1.3.12/configure	Sat Feb  5 14:28:59 2000
+++ ./configure	Wed Apr 12 10:19:46 2000
@@ -822,7 +822,9 @@
                            OOIFS="$IFS"
                            IFS=':'
                            for module in $modules; do
-                               eval "shared_${module}=yes" 
+#			       if [ $module != apache_ssl ]; then
+				   eval "shared_${module}=yes"
+#			       fi
                            done
                            IFS="$OOIFS"
                            shared_so=no        # because of bootstrapping
@@ -1090,8 +1092,10 @@
 ##
 if [ "x$TARGET" != "x" ]; then
     thetarget="$TARGET"
+    theconfig="$thetarget"
 else
-    thetarget=httpd
+    thetarget=httpsd
+    theconfig=httpd
 fi
 
 ##
@@ -1238,13 +1242,13 @@
     echo "Compilation paths:"
     echo "           HTTPD_ROOT: $prefix"
     echo "      SHARED_CORE_DIR: $libexecdir"
-    echo "       DEFAULT_PIDLOG: ${runtimedir_relative}${thetarget}.pid"
-    echo "   DEFAULT_SCOREBOARD: ${runtimedir_relative}${thetarget}.scoreboard"
-    echo "     DEFAULT_LOCKFILE: ${runtimedir_relative}${thetarget}.lock"
+    echo "       DEFAULT_PIDLOG: ${runtimedir_relative}${theconfig}.pid"
+    echo "   DEFAULT_SCOREBOARD: ${runtimedir_relative}${theconfig}.scoreboard"
+    echo "     DEFAULT_LOCKFILE: ${runtimedir_relative}${theconfig}.lock"
     echo "      DEFAULT_XFERLOG: ${logfiledir_relative}access_log"
     echo "     DEFAULT_ERRORLOG: ${logfiledir_relative}error_log"
     echo "    TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types"
-    echo "   SERVER_CONFIG_FILE: ${sysconfdir_relative}${thetarget}.conf"
+    echo "   SERVER_CONFIG_FILE: ${sysconfdir_relative}${theconfig}.conf"
     echo "   ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf"
     echo " RESOURCE_CONFIG_FILE: ${sysconfdir_relative}srm.conf"
     echo ""
@@ -1336,13 +1340,13 @@
 echo "echo '-DHTTPD_ROOT=\"$prefix\"'" >>$src/apaci
 echo "echo '-DSUEXEC_BIN=\"$sbindir/suexec\"'" >>$src/apaci
 echo "echo '-DSHARED_CORE_DIR=\"$libexecdir\"'" >>$src/apaci
-echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}${thetarget}.pid\"'" >>$src/apaci
-echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}${thetarget}.scoreboard\"'" >>$src/apaci
-echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}${thetarget}.lock\"'" >>$src/apaci
+echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}${theconfig}.pid\"'" >>$src/apaci
+echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}${theconfig}.scoreboard\"'" >>$src/apaci
+echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}${theconfig}.lock\"'" >>$src/apaci
 echo "echo '-DDEFAULT_XFERLOG=\"${logfiledir_relative}access_log\"'" >>$src/apaci
 echo "echo '-DDEFAULT_ERRORLOG=\"${logfiledir_relative}error_log\"'" >>$src/apaci
 echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci
-echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}${thetarget}.conf\"'" >>$src/apaci
+echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}${theconfig}.conf\"'" >>$src/apaci
 echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci
 echo "echo '-DRESOURCE_CONFIG_FILE=\"${sysconfdir_relative}srm.conf\"'" >>$src/apaci
 chmod a+x $src/apaci
@@ -1510,6 +1514,7 @@
     eval "share=\$shared_$module"
     if [ "x$share" = "xyes" ]; then
         echo $SEO "s%^\\(.*\\)AddModule\\(.*mod_$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
+        echo $SEO "s%^\\(.*\\)AddModule\\(.*$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
         echo $SEO "s%^\\(.*\\)AddModule\\(.*lib$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
         m="$m [shared]"
     fi
diff -u -r ../apache_1.3.12/src/Configuration ./src/Configuration
--- ../apache_1.3.12/src/Configuration	Wed Feb 23 23:09:35 2000
+++ ./src/Configuration	Wed Jul 19 15:29:43 2000
@@ -62,6 +62,21 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+KEYNOTE_BASE=/home/ben/work/KeyNote
+SSL_BASE=/usr/home/ben/work/openssl
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+SSL_APP=/usr/home/ben/work/openssl/apps/openssl
+
 ################################################################
 # Name of the installed Apache HTTP webserver.
 #
@@ -220,6 +235,11 @@
 # is and the more memory it will take, so if you are unlikely to use the
 # functionality of a particular module you might wish to leave it out.
 
+##
+## Experimental Apache-SSL KeyNote support.
+
+# AddModule modules/ssl-keynote/apache_ssl_keynote.o
+
 ## mod_mmap_static is an experimental module, you almost certainly
 ## don't need it.  It can make some webservers faster.  No further
 ## documentation is provided here because you'd be foolish
@@ -436,3 +456,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.12/src/Configuration.tmpl ./src/Configuration.tmpl
--- ../apache_1.3.12/src/Configuration.tmpl	Sat Aug 14 08:35:43 1999
+++ ./src/Configuration.tmpl	Sat Mar  4 12:57:47 2000
@@ -62,6 +62,21 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+KEYNOTE_BASE=/home/ben/work/KeyNote
+SSL_BASE=/usr/home/ben/work/openssl
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+SSL_APP=/usr/home/ben/work/openssl/apps/openssl
+
 ################################################################
 # Name of the installed Apache HTTP webserver.
 #
@@ -220,6 +235,11 @@
 # is and the more memory it will take, so if you are unlikely to use the
 # functionality of a particular module you might wish to leave it out.
 
+##
+## Experimental Apache-SSL KeyNote support.
+
+# AddModule modules/ssl-keynote/apache_ssl_keynote.o
+
 ## mod_mmap_static is an experimental module, you almost certainly
 ## don't need it.  It can make some webservers faster.  No further
 ## documentation is provided here because you'd be foolish
@@ -436,3 +456,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.12/src/Configure ./src/Configure
--- ../apache_1.3.12/src/Configure	Sun Feb  6 01:27:19 2000
+++ ./src/Configure	Sat Mar  4 12:57:49 2000
@@ -845,7 +845,7 @@
 ##
 echo >>Makefile.config "OSDIR=\$(SRCDIR)/$OSDIR"
 echo >>Makefile.config "INCDIR=\$(SRCDIR)/include"
-echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)"
+echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR) \$(SSL_INCLUDE)"
 echo >>Makefile.config "SHELL=$SHELL"
 echo >>Makefile.config "OS=$OS"
 
@@ -1697,6 +1697,10 @@
 		    echo "    o $modbase adds libraries: $modlibs1"
 		    modlibs="$modlibs $modlibs1"
 		fi
+		if grep "Libs:" $tmpfile2 > /dev/null; then
+		    modlibs=`grep Libs: $tmpfile2 | sed 's/^.*Libs:[ 	]*//'`
+		    echo "    o $modbase adds libraries: $modlibs"
+		fi
 		rm -f $tmpfile2 $tmpfile3
 		if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then
 		    ext=o
@@ -1997,7 +2001,7 @@
 ## for $LIBS at this point. This implies that anything below
 ## can only alter $LIBS
 ##
-echo "CFLAGS1=$CFLAGS" >>Makefile.config
+echo "CFLAGS1=$CFLAGS \$(SSL_CFLAGS)" >>Makefile.config
 echo "INCLUDES1=$INCLUDES" >>Makefile.config
 echo "LIBS_SHLIB=$LIBS_SHLIB" >>Makefile.config
 echo "LDFLAGS1=$LDFLAGS" >>Makefile.config
@@ -2179,7 +2183,7 @@
 ####################################################################
 ## Finish creating the Makefile.config file
 ##
-echo "LIBS1=$modlibs $LIBS">> Makefile.config
+echo "LIBS1=$modlibs $LIBS \$(SSL_LIBS)">> Makefile.config
 echo "##" >> Makefile.config
 echo "##  (End of automatically generated section)">> Makefile.config
 echo "##" >> Makefile.config
diff -u -r ../apache_1.3.12/src/Makefile.tmpl ./src/Makefile.tmpl
--- ../apache_1.3.12/src/Makefile.tmpl	Thu Dec  9 17:19:31 1999
+++ ./src/Makefile.tmpl	Wed Apr 12 10:10:09 2000
@@ -30,6 +30,15 @@
 
 $(TARGET): $(EXTRA_DEPS) $(SUBTARGET)
 
+certificate:
+	ps > /tmp/ssl-rand; date >> /tmp/ssl-rand; \
+	RANDFILE=/tmp/ssl-rand $(SSL_APP) req -config ../SSLconf/conf/ssleay.cnf \
+	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+	-keyout ../SSLconf/conf/httpsd.pem; \
+	ln -sf httpsd.pem ../SSLconf/conf/`$(SSL_APP) \
+	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0; \
+	rm /tmp/ssl-rand
+
 target_static: subdirs modules.o
 	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
diff -u -r ../apache_1.3.12/src/include/ap_config.h ./src/include/ap_config.h
--- ../apache_1.3.12/src/include/ap_config.h	Wed Feb 23 12:44:56 2000
+++ ./src/include/ap_config.h	Sat Mar  4 12:57:49 2000
@@ -495,7 +495,17 @@
  * all glibc based systems need crypt.h
  */
 #if defined(__GNU_LIBRARY__) && __GNU_LIBRARY__ > 1
-#include <crypt.h>
+
+# ifdef APACHE_SSL
+#  define des_encrypt BASE_des_encrypt
+# endif
+
+# include <crypt.h>
+
+# ifdef APACHE_SSL
+#  undef des_encrypt
+# endif
+
 #endif
 
 /* glibc 2.0.0 through 2.0.4 need size_t * here, where 2.0.5 needs socklen_t *
@@ -1435,6 +1445,10 @@
 
 #ifndef ap_wait_t
 #define ap_wait_t int
+#endif
+
+#ifdef APACHE_SSL
+# define NO_WRITEV
 #endif
 
 #ifdef __cplusplus
diff -u -r ../apache_1.3.12/src/include/ap_mmn.h ./src/include/ap_mmn.h
--- ../apache_1.3.12/src/include/ap_mmn.h	Sun Feb 20 01:14:46 2000
+++ ./src/include/ap_mmn.h	Wed Apr 12 07:39:20 2000
@@ -230,6 +230,7 @@
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503133UL /* "AP13" */
+#define SSL_MAGIC_COOKIE 0x53533133UL /* "SS13" */
 
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 19990320
diff -u -r ../apache_1.3.12/src/include/buff.h ./src/include/buff.h
--- ../apache_1.3.12/src/include/buff.h	Fri Jan  1 19:04:39 1999
+++ ./src/include/buff.h	Sat Mar  4 12:57:49 2000
@@ -61,13 +61,30 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-
 #ifdef B_SFIO
+
 #include "sfio.h"
 #endif
 
 #include <stdarg.h>
 
+#ifdef APACHE_SSL
+
+# include <stdio.h>
+# include <openssl/ssl.h>
+
+#if SSLEAY_VERSION_NUMBER < 0x0920
+# error "Don't use OpenSSL/SSLeay versions less than 0.9.2b, they have a serious security problem!"
+#endif
+
+# define APACHE_SSL_EXPORT_CERTS	FALSE
+# if APACHE_SSL_EXPORT_CERTS
+/* SSLeay doesn't, so we must! */
+#  define APACHE_SSL_KEEP_CERTS		TRUE
+# endif
+
+#endif
+
 /* Reading is buffered */
 #define B_RD     (1)
 /* Writing is buffered */
@@ -127,6 +144,16 @@
 #ifdef B_SFIO
     Sfio_t *sf_in;
     Sfio_t *sf_out;
+#endif
+
+#ifdef APACHE_SSL
+    /* Add some context for SSL */
+    SSL *ssl;
+    char *szClientX509;
+    int nVerifyError;
+# if APACHE_SSL_KEEP_CERTS
+    table *tableCertChain;
+# endif
 #endif
 };
 
diff -u -r ../apache_1.3.12/src/include/http_config.h ./src/include/http_config.h
--- ../apache_1.3.12/src/include/http_config.h	Fri May  7 00:16:10 1999
+++ ./src/include/http_config.h	Wed Apr 12 09:01:25 2000
@@ -275,6 +275,11 @@
     void (*child_exit) (server_rec *, pool *);
 #endif
     int (*post_read_request) (request_rec *);
+#ifdef APACHE_SSL
+/* These are only present if the cookie is SSL_MAGIC_COOKIE */
+    void (*setup_connection)(conn_rec *);
+    void (*add_common_vars)(request_rec *);
+#endif
 } module;
 
 /* Initializer for the first few module slots, which are only
@@ -295,6 +300,14 @@
 				NULL, \
 				MODULE_MAGIC_COOKIE
 
+#define SSL_MODULE_STUFF	MODULE_MAGIC_NUMBER_MAJOR, \
+				MODULE_MAGIC_NUMBER_MINOR, \
+				-1, \
+				__FILE__, \
+				NULL, \
+				NULL, \
+				SSL_MAGIC_COOKIE
+
 /* Generic accessors for other modules to get at their own module-specific
  * data
  */
@@ -404,6 +417,11 @@
 CORE_EXPORT(const command_rec *) ap_find_command_in_modules(const char *cmd_name, module **mod);
 CORE_EXPORT(void *) ap_set_config_vectors(cmd_parms *parms, void *config, module *mod);
 CORE_EXPORT(const char *) ap_handle_command(cmd_parms *parms, void *config, const char *l);
+
+#ifdef APACHE_SSL
+CORE_EXPORT(void) ap_add_common_vars2(request_rec *r);
+CORE_EXPORT(void) ap_setup_connection(conn_rec *c);
+#endif
 
 #endif
 
diff -u -r ../apache_1.3.12/src/include/http_main.h ./src/include/http_main.h
--- ../apache_1.3.12/src/include/http_main.h	Fri Jan  1 19:04:40 1999
+++ ./src/include/http_main.h	Sat Mar  4 12:57:50 2000
@@ -115,6 +115,7 @@
 void ap_start_shutdown(void);
 void ap_start_restart(int);
 API_EXPORT(void) ap_hard_timeout(char *, request_rec *);
+void ap_conn_timeout(char *name,conn_rec *conn);
 void ap_keepalive_timeout(char *, request_rec *);
 API_EXPORT(void) ap_soft_timeout(char *, request_rec *);
 API_EXPORT(void) ap_kill_timeout(request_rec *);
@@ -164,6 +165,8 @@
  * write_fd are possibly killed off separately.
  */
 API_EXPORT(void) ap_unregister_other_child(void *data);
+/* Check for debug-level logging */
+API_EXPORT(int) LogLevelIsDebug(void);
 
 #endif
 
diff -u -r ../apache_1.3.12/src/include/httpd.h ./src/include/httpd.h
--- ../apache_1.3.12/src/include/httpd.h	Wed Feb 23 23:01:33 2000
+++ ./src/include/httpd.h	Fri Jun  2 14:38:18 2000
@@ -66,6 +66,11 @@
  * httpd.h: header for simple (ha! not anymore) http daemon
  */
 
+/* Needed all over the place */
+typedef unsigned int BOOL;
+#define TRUE 		1
+#define FALSE 		0
+
 /* Headers in which EVERYONE has an interest... */
 
 #include "ap_config.h"
@@ -140,8 +145,13 @@
 #define DEFAULT_HTTP_PORT	80
 #define DEFAULT_HTTPS_PORT	443
 #define ap_is_default_port(port,r)	((port) == ap_default_port(r))
-#define ap_http_method(r)	"http"
-#define ap_default_port(r)	DEFAULT_HTTP_PORT
+#ifdef APACHE_SSL
+# define ap_http_method(r)	((r)->connection->client->ssl ? "https" : "http")
+# define ap_default_port(r)	((r)->connection->client->ssl ? DEFAULT_HTTPS_PORT : DEFAULT_HTTP_PORT)
+#else
+# define ap_http_method(r)	"http"
+# define ap_default_port(r)	DEFAULT_HTTP_PORT
+#endif
 
 /* --------- Default user name and group name running standalone ---------- */
 /* --- These may be specified as numbers by placing a # before a number --- */
@@ -427,7 +437,11 @@
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
  */
 
+#ifdef APACHE_SSL
+#define SERVER_BASEVERSION "Apache/1.3.12 Ben-SSL/1.41"       /* SEE COMMENTS ABOVE */
+#else
 #define SERVER_BASEVERSION "Apache/1.3.12"	/* SEE COMMENTS ABOVE */
+#endif
 #define SERVER_VERSION  SERVER_BASEVERSION
 enum server_token_type {
     SrvTk_MIN,		/* eg: Apache/1.3.0 */
@@ -877,6 +891,11 @@
 #define DEFAULT_VHOST_ADDR 0xfffffffful
 
 typedef struct server_addr_rec server_addr_rec;
+
+#ifdef APACHE_SSL
+int ApacheSSLSetupConnection(conn_rec *conn);
+void ApacheSSLAddCommonVars(request_rec *r);
+#endif
 struct server_addr_rec {
     server_addr_rec *next;
     struct in_addr host_addr;	/* The bound address, for this server */
diff -u -r ../apache_1.3.12/src/main/Makefile.tmpl ./src/main/Makefile.tmpl
--- ../apache_1.3.12/src/main/Makefile.tmpl	Tue Jan 12 15:47:00 1999
+++ ./src/main/Makefile.tmpl	Sat Mar  4 12:57:50 2000
@@ -14,7 +14,7 @@
       rfc1413.o
 
 .c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
+	$(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $<
 
 all: $(HEADERS) $(LIB)
 
diff -u -r ../apache_1.3.12/src/main/buff.c ./src/main/buff.c
--- ../apache_1.3.12/src/main/buff.c	Tue Jan 11 15:51:32 2000
+++ ./src/main/buff.c	Sat Mar  4 12:57:51 2000
@@ -72,6 +72,10 @@
 #include <bstring.h>		/* for IRIX, FD_SET calls bzero() */
 #endif
 
+#ifdef APACHE_SSL
+# include <openssl/err.h>
+#endif
+
 #ifndef DEFAULT_BUFSIZE
 #define DEFAULT_BUFSIZE (4096)
 #endif
@@ -257,6 +261,46 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	{
+	int pa;
+
+	do
+	    {
+	    /* A horrible hack: an increase in this stat indicates that the
+	       client renegotiated. Is there a better way? Ben 10 Apr 1999
+	    */
+	    pa=fb->ssl->ctx->stats.sess_accept;
+
+	    rv=SSL_read(fb->ssl,buf,nbyte);
+
+	    ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,NULL,
+			 "read returned %d rwstate=%d state=%d rstate=%d "
+			 "cren=%d aren=%d accept=%d",
+			 rv,fb->ssl->rwstate,fb->ssl->state,fb->ssl->rstate,
+			 fb->ssl->ctx->stats.sess_connect_renegotiate,
+			 fb->ssl->ctx->stats.sess_accept_renegotiate,
+			 fb->ssl->ctx->stats.sess_accept);
+	    }
+	while(rv < 0 && fb->ssl->ctx->stats.sess_accept != pa);
+
+	if(rv < 0)
+	    {
+	    int l;
+
+	    while((l=ERR_get_error()))
+		{
+		char buf[MAX_STRING_LEN];
+
+		ERR_error_string(l,buf);
+		ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,NULL,"%s",
+			     buf);
+		}
+	    }
+	}
+    else
+#endif
 	rv = read(fb->fd_in, buf, nbyte);
     
     return rv;
@@ -298,6 +342,7 @@
 #else
     rv = ap_read(fb, buf, nbyte);
 #endif /* WIN32 */
+
     return rv;
 }
 
@@ -315,6 +360,27 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	{
+	rv=SSL_write(fb->ssl,buf,nbyte);
+
+	if(rv < 0)
+	    {
+	    int l;
+
+	    while((l=ERR_get_error()))
+		{
+		char buf[MAX_STRING_LEN];
+
+		ERR_error_string(l,buf);
+		ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,NULL,"%s",
+			     buf);
+		}
+	    }
+	}
+    else
+#endif
 #if defined (B_SFIO)
 	rv = sfwrite(fb->sf_out, buf, nbyte);
 #else
@@ -421,6 +487,11 @@
 		       (size_t) SF_UNBOUND, 1, SF_WRITE);
 #endif
 
+#ifdef APACHE_SSL
+    fb->ssl = NULL;
+    fb->szClientX509 = NULL;
+#endif
+
     return fb;
 }
 
@@ -1145,7 +1216,7 @@
 	return write_with_errors(fb, buf, nbyte);
     }
 
-#ifdef NO_WRITEV
+#if defined(NO_WRITEV)
     /* without writev() this has poor performance, too bad */
 
     ap_snprintf(chunksize, sizeof(chunksize), "%x" CRLF, nbyte);
diff -u -r ../apache_1.3.12/src/main/http_config.c ./src/main/http_config.c
--- ../apache_1.3.12/src/main/http_config.c	Sat Jan 15 16:40:42 2000
+++ ./src/main/http_config.c	Wed Apr 12 08:32:45 2000
@@ -367,6 +367,26 @@
     return run_all ? OK : DECLINED;
 }
 
+#ifdef APACHE_SSL
+void ap_add_common_vars2(request_rec *r)
+    {
+    module *m;
+
+    for (m = top_module; m; m = m->next)
+	if (m->magic == SSL_MAGIC_COOKIE && m->add_common_vars)
+	    (*m->add_common_vars)(r);
+    }
+
+void ap_setup_connection(conn_rec *c)
+    {
+    module *m;
+
+    for (m = top_module; m; m = m->next)
+	if (m->magic == SSL_MAGIC_COOKIE && m->setup_connection)
+	    (*m->setup_connection)(c);
+    }
+#endif
+
 int ap_translate_name(request_rec *r)
 {
     return run_method(r, offsets_into_method_ptrs.translate_handler, 0);
diff -u -r ../apache_1.3.12/src/main/http_log.c ./src/main/http_log.c
--- ../apache_1.3.12/src/main/http_log.c	Wed Feb  2 20:43:49 2000
+++ ./src/main/http_log.c	Sat Mar  4 12:57:51 2000
@@ -310,7 +310,8 @@
 	 * notice
 	 */
 	if (((level & APLOG_LEVELMASK) != APLOG_NOTICE) &&
-	    ((level & APLOG_LEVELMASK) > DEFAULT_LOGLEVEL))
+	    ((level & APLOG_LEVELMASK) > DEFAULT_LOGLEVEL)
+	    && !LogLevelIsDebug())
 	    return;
 	logf = stderr;
     }
diff -u -r ../apache_1.3.12/src/main/http_main.c ./src/main/http_main.c
--- ../apache_1.3.12/src/main/http_main.c	Sat Feb  5 12:01:52 2000
+++ ./src/main/http_main.c	Wed Apr 12 08:33:52 2000
@@ -376,6 +376,9 @@
 /* Global, alas, so http_core can talk to us */
 enum server_token_type ap_server_tokens = SrvTk_FULL;
 
+int LogLevelIsDebug()
+    { return server_conf && server_conf->loglevel == APLOG_DEBUG; }
+
 /*
  * This routine is called when the pconf pool is vacuumed.  It resets the
  * server version string to a known value and [re]enables modifications
@@ -1351,8 +1354,21 @@
     }
 }
 
+/* Essentially the same as ap_keepalive_timeout, but used if you have no
+   request_rec */
+void ap_conn_timeout(char *name,conn_rec *conn)
+    {
+    unsigned int to;
 
+    timeout_req=NULL;
+    timeout_name=name;
 
+    if(conn->keptalive)
+	to=conn->server->keep_alive_timeout;
+    else
+	to=conn->server->timeout;
+    ap_set_callback_and_alarm(timeout, to);
+    }
 
 void ap_keepalive_timeout(char *name, request_rec *r)
 {
@@ -4158,6 +4174,16 @@
 				          (struct sockaddr_in *) &sa_server,
 				          my_child_num);
 
+#ifdef APACHE_SSL
+	/* 
+	 * This could return false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ap_setup_connection(current_conn);
+#endif
+
 	/*
 	 * Read and process each request found on our connection
 	 * until no requests are left or we decide to close.
@@ -5084,6 +5110,16 @@
 			          (struct sockaddr_in *) &sa_client,
 			          (struct sockaddr_in *) &sa_server, -1);
 
+#ifdef APACHE_SSL
+      /*
+       * This could return false if the connection cannot be setup,
+       * so maybe we should do something with this here...
+       * however it also blocks the BUFF connections
+       * so the next bit should fall out anyway!
+       */
+      ap_setup_connection(conn);
+#endif
+
 	while ((r = ap_read_request(conn)) != NULL) {
 
 	    if (r->status == HTTP_OK)
@@ -5374,6 +5410,17 @@
 
 	ap_note_cleanups_for_socket(ptrans, csd);
 
+
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
+
 	/*
 	 * We now have a connection, so set it up with the appropriate
 	 * socket options, file descriptors, and read/write buffers.
@@ -6651,7 +6698,6 @@
        return -1;
     }
 
-    ap_cpystrn(cwd, ap_os_canonical_filename(pcommands, cwd), sizeof(cwd));
     ap_cpystrn(ap_server_root, cwd, sizeof(ap_server_root));
 #endif
 
diff -u -r ../apache_1.3.12/src/main/util_script.c ./src/main/util_script.c
--- ../apache_1.3.12/src/main/util_script.c	Thu Dec  9 17:19:45 1999
+++ ./src/main/util_script.c	Wed Apr 12 08:05:49 2000
@@ -323,6 +323,10 @@
     }
 
     ap_overlap_tables(r->subprocess_env, e, AP_OVERLAP_TABLES_SET);
+
+#ifdef APACHE_SSL
+    ap_add_common_vars2(r);
+#endif
 }
 
 /* This "cute" little function comes about because the path info on
diff -u -r ../apache_1.3.12/src/modules/standard/mod_log_config.c ./src/modules/standard/mod_log_config.c
--- ../apache_1.3.12/src/modules/standard/mod_log_config.c	Wed Feb  2 20:44:04 2000
+++ ./src/modules/standard/mod_log_config.c	Sat Mar  4 12:57:53 2000
@@ -130,6 +130,15 @@
  * %...l:  remote logname (from identd, if supplied)
  * %...{Foobar}n:  The contents of note "Foobar" from another module.
  * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+ *
+ * Additional SSL directives:
+ *
+ * %...{cipher}c:  cipher used (SSL_get_cipher)
+ * %...{clientcert}c: client certificate information
+ * %...{errcode}c: X509 verify error code
+ * %...{errstr}c: X509 verify error string
+ * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+ *
  * %...p:  the port the request was served to
  * %...P:  the process ID of the child that serviced the request.
  * %...r:  first line of request
@@ -180,6 +189,10 @@
 #include "http_log.h"
 #include <limits.h>
 
+#ifdef APACHE_SSL
+# include <openssl/crypto.h>
+#endif
+
 module MODULE_VAR_EXPORT config_log_module;
 
 static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
@@ -466,6 +479,10 @@
     return ap_psprintf(r->pool, "%ld", (long) getpid());
 }
 
+#ifdef APACHE_SSL
+extern const char *log_ssl_info(request_rec *r, char *a);
+#endif
+
 /*****************************************************************
  *
  * Parsing the log format string
@@ -534,6 +551,9 @@
     {
         'v', log_virtual_host, 0
     },
+#ifdef APACHE_SSL
+    { 'c', log_ssl_info, 0 },
+#endif
     {
         'p', log_server_port, 0
     },
@@ -725,6 +745,71 @@
     parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
     return a;
 }
+
+#ifdef APACHE_SSL
+const char *log_ssl_info(request_rec *r, char *a)
+    {
+    char str[MAX_STRING_LEN];
+
+    if(!r->connection->client->ssl)
+	return NULL;
+
+    if(!strcmp(a, "cipher"))
+	return SSL_get_cipher(r->connection->client->ssl);
+
+    if(!strcmp(a, "clientcert"))
+	return r->connection->client->szClientX509;
+
+    if(!strcmp(a, "errcode"))
+	if(r->connection->client->nVerifyError)
+	    {
+	    sprintf(str, "%d", r->connection->client->nVerifyError);
+	    return ap_pstrdup(r->pool,str);
+	    }
+	else
+	    return NULL;
+
+    if(!strcmp(a, "errstr"))
+	if(r->connection->client->nVerifyError)
+#if SSLEAY_VERSION_NUMBER < 0x0800
+	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+#else
+	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+#endif
+	else
+	    return NULL;
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+    if(!strcmp(a, "version"))
+	{
+#if SSLEAY_VERSION_NUMBER >= 0x0900
+	switch(r->connection->client->ssl->session->ssl_version)
+	    {
+	case TLS1_VERSION:
+	    return "TLS1";
+
+	case SSL3_VERSION:
+	    return "SSL3";
+
+	case SSL2_VERSION:
+	    return "SSL2";
+
+	default:
+	    return "?";
+	    }
+#else
+	static char v[2];
+
+	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+	v[1]='\0';
+	return v;
+#endif
+	}
+#endif
+    
+    return NULL;
+}
+#endif
 
 /*****************************************************************
  *
diff -u -r ../apache_1.3.12/src/modules/standard/mod_so.c ./src/modules/standard/mod_so.c
--- ../apache_1.3.12/src/modules/standard/mod_so.c	Tue May  4 11:21:14 1999
+++ ./src/modules/standard/mod_so.c	Wed Apr 12 07:40:34 2000
@@ -257,7 +257,8 @@
      * Make sure the found module structure is really a module structure
      * 
      */
-    if (modp->magic != MODULE_MAGIC_COOKIE) {
+    if (modp->magic != MODULE_MAGIC_COOKIE
+	&& modp->magic != SSL_MAGIC_COOKIE) {
         return ap_pstrcat(cmd->pool, "API module structure `", modname,
                           "' in file ", szModuleFile, " is garbled -"
                           " perhaps this is not an Apache module DSO?", NULL);
diff -u -r ../apache_1.3.12/src/support/apachectl ./src/support/apachectl
--- ../apache_1.3.12/src/support/apachectl	Tue Apr  6 20:36:33 1999
+++ ./src/support/apachectl	Thu Apr 27 10:10:52 2000
@@ -7,11 +7,11 @@
 #	0 - operation completed successfully
 #	1 - 
 #	2 - usage error
-#	3 - httpd could not be started
-#	4 - httpd could not be stopped
-#	5 - httpd could not be started during a restart
-#	6 - httpd could not be restarted during a restart
-#	7 - httpd could not be restarted during a graceful restart
+#	3 - httpsd could not be started
+#	4 - httpsd could not be stopped
+#	5 - httpsd could not be started during a restart
+#	6 - httpsd could not be restarted during a restart
+#	7 - httpsd could not be restarted during a graceful restart
 #	8 - configuration syntax error
 #
 # When multiple arguments are given, only the error from the _last_
@@ -24,8 +24,8 @@
 # the path to your PID file
 PIDFILE=/usr/local/apache/logs/httpd.pid
 #
-# the path to your httpd binary, including options if necessary
-HTTPD='/usr/local/apache/src/httpd'
+# the path to your httpsd binary, including options if necessary
+HTTPD='/usr/local/apache/src/httpsd'
 #
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
@@ -51,27 +51,27 @@
     if [ -f $PIDFILE ] ; then
 	PID=`cat $PIDFILE`
 	if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null ; then
-	    STATUS="httpd (pid $PID) running"
+	    STATUS="httpsd (pid $PID) running"
 	    RUNNING=1
 	else
-	    STATUS="httpd (pid $PID?) not running"
+	    STATUS="httpsd (pid $PID?) not running"
 	    RUNNING=0
 	fi
     else
-	STATUS="httpd (no pid file) not running"
+	STATUS="httpsd (no pid file) not running"
 	RUNNING=0
     fi
 
     case $ARG in
     start)
 	if [ $RUNNING -eq 1 ]; then
-	    echo "$0 $ARG: httpd (pid $PID) already running"
+	    echo "$0 $ARG: httpsd (pid $PID) already running"
 	    continue
 	fi
 	if $HTTPD ; then
-	    echo "$0 $ARG: httpd started"
+	    echo "$0 $ARG: httpsd started"
 	else
-	    echo "$0 $ARG: httpd could not be started"
+	    echo "$0 $ARG: httpsd could not be started"
 	    ERROR=3
 	fi
 	;;
@@ -81,27 +81,27 @@
 	    continue
 	fi
 	if kill $PID ; then
-	    echo "$0 $ARG: httpd stopped"
+	    echo "$0 $ARG: httpsd stopped"
 	else
-	    echo "$0 $ARG: httpd could not be stopped"
+	    echo "$0 $ARG: httpsd could not be stopped"
 	    ERROR=4
 	fi
 	;;
     restart)
 	if [ $RUNNING -eq 0 ]; then
-	    echo "$0 $ARG: httpd not running, trying to start"
+	    echo "$0 $ARG: httpsd not running, trying to start"
 	    if $HTTPD ; then
-		echo "$0 $ARG: httpd started"
+		echo "$0 $ARG: httpsd started"
 	    else
-		echo "$0 $ARG: httpd could not be started"
+		echo "$0 $ARG: httpsd could not be started"
 		ERROR=5
 	    fi
 	else
 	    if $HTTPD -t >/dev/null 2>&1; then
 		if kill -HUP $PID ; then
-		    echo "$0 $ARG: httpd restarted"
+		    echo "$0 $ARG: httpsd restarted"
 		else
-		    echo "$0 $ARG: httpd could not be restarted"
+		    echo "$0 $ARG: httpsd could not be restarted"
 		    ERROR=6
 		fi
 	    else
@@ -113,19 +113,19 @@
 	;;
     graceful)
 	if [ $RUNNING -eq 0 ]; then
-	    echo "$0 $ARG: httpd not running, trying to start"
+	    echo "$0 $ARG: httpsd not running, trying to start"
 	    if $HTTPD ; then
-		echo "$0 $ARG: httpd started"
+		echo "$0 $ARG: httpsd started"
 	    else
-		echo "$0 $ARG: httpd could not be started"
+		echo "$0 $ARG: httpsd could not be started"
 		ERROR=5
 	    fi
 	else
 	    if $HTTPD -t >/dev/null 2>&1; then
 		if kill -USR1 $PID ; then
-		    echo "$0 $ARG: httpd gracefully restarted"
+		    echo "$0 $ARG: httpsd gracefully restarted"
 		else
-		    echo "$0 $ARG: httpd could not be restarted"
+		    echo "$0 $ARG: httpsd could not be restarted"
 		    ERROR=7
 		fi
 	    else
@@ -152,9 +152,9 @@
 	echo "usage: $0 (start|stop|restart|fullstatus|status|graceful|configtest|help)"
 	cat <<EOF
 
-start      - start httpd
-stop       - stop httpd
-restart    - restart httpd if running by sending a SIGHUP or start if 
+start      - start httpsd
+stop       - stop httpsd
+restart    - restart httpsd if running by sending a SIGHUP or start if 
              not running
 fullstatus - dump a full status screen; requires lynx and mod_status enabled
 status     - dump a short status screen; requires lynx and mod_status enabled
diff -u -r ../apache_1.3.12/src/support/suexec.c ./src/support/suexec.c
--- ../apache_1.3.12/src/support/suexec.c	Tue Jan 11 19:47:59 2000
+++ ./src/support/suexec.c	Sat Mar  4 12:57:53 2000
@@ -227,7 +227,8 @@
     cidx++;
 
     for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
-	if (!strncmp(*ep, "HTTP_", 5)) {
+	if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+	    || !strncmp(*ep,"SSL_",4)) {
 	    cleanenv[cidx] = *ep;
 	    cidx++;
 	}
