                       _             _ 
   _ __ ___   ___   __| |    ___ ___| |  
  | '_ ` _ \ / _ \ / _` |   / __/ __| |  
  | | | | | | (_) | (_| |   \__ \__ \ |  mod_ssl - Apache Interface to SSLeay  
  |_| |_| |_|\___/ \__,_|___|___/___/_|  http://www.engelschall.com/sw/mod_ssl/
                       |_____|         
  _____________________________________________________________________________


  ChangeLog
  ---------

  This file summarizes *all* types of changes to the mod_ssl package, i.e.
  changes between each betalevel or patchlevel (2.x.y->2.x[.b](y+1) and
  2.x.y->2.(x+1).0).  Take this list as a reference for concrete and detailed
  information about every single change.

  Changes with mod_ssl 2.1b3 (06-Sep-1998 to xx-Sep-1998)

   *) Removed a few unnecessary local buffer usages in the mod_ssl-related
      code in mod_log_config.c.

   *) Updated the documentation for the recent changes, especially for the new
      SSLRequire directive and the new provided CGI/SSI variables. I've now
      also added a new FAQ which tries to explain why SSL cannot be used
      together with name-based virtual hosts (IP-based virtual hosts have to
      be used).

   *) Fixed ssl_log() (the function which is used to produce all kinds of
      SSL logfile messages): It failed for messages with "%" because
      it insecurely used fprintf at some points.
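
      The class of bug fixed here, shown as an added example (not mod_ssl's
      own code): the shape of the logger, the demo_* names and the sample
      path are assumptions. The message is formatted once and then written
      as data, so a "%" in it reaches the logfile unchanged.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#ifdef SHOW_VULNERABLE
/* BEFORE (assumed shape of the defect, not compiled by default): the
 * finished message is handed to fprintf() as the format string, so every
 * "%" in it is expanded a second time against arguments never passed. */
static void demo_log_unsafe(FILE *fp, const char *fmt, ...)
{
    char msg[1024];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);
    va_end(ap);
    fprintf(fp, msg);                 /* message used as format string */
}
#endif

/* AFTER: the formatted message is only ever written as data. */
static int demo_log_safe(FILE *fp, const char *fmt, ...)
{
    char msg[1024];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof(msg), fmt, ap);   /* bounded, truncates */
    va_end(ap);                             /* always paired with va_start */
    if (fputs("[demo] ", fp) == EOF || fputs(msg, fp) == EOF ||
        fputc('\n', fp) == EOF)
        return -1;
    return 0;
}

/* Logs one untrusted string to a temporary file and reads the line back
 * into out. Returns 0 on success, -1 on any I/O failure. */
int demo_log_roundtrip(const char *untrusted, char *out, size_t outlen)
{
    FILE *fp;
    int rc = -1;

    if (outlen == 0 || (fp = tmpfile()) == NULL)
        return -1;
    out[0] = '\0';
    if (demo_log_safe(fp, "request for %s", untrusted) == 0) {
        rewind(fp);
        if (fgets(out, (int)outlen, fp) != NULL)
            rc = 0;
    }
    fclose(fp);
    return rc;
}

int main(void)
{
    char line[256];

    /* Constructed sample: a URL-encoded path containing "%" sequences. */
    if (demo_log_roundtrip("/a%20b/%s%x", line, sizeof(line)) == 0)
        fputs(line, stdout);
    return 0;
}
```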

   *) Added --quiet|-q, --verbose|-v and --help|-h options to mod_ssl's
      `configure' script for controlling the verbosity and for more user
      friendliness.

   *) Now the mod_ssl `configure' script creates a `config.status' script as
      APACI does. This can be used for re-configuring mod_ssl the same way one
      does it for Apache.

   *) The top-level APACI Makefile now gives a hint for `apachectl start-SSL'
      (which internally uses the `httpd -DSSL' command).

   *) Now on `make certificate' the hash symlinks in conf/sslcerts/ are
      generated via the provided Makefile instead of directly linking (which
      fails under some platforms).

   *) Added boolean expression scanning/parsing/evaluation as ssl_expr_*
      sources and a new SSLRequire directive which now uses this
      functionality.  This directive can be used in both per-server and
      per-directory context and has the syntax ``SSLRequire <expr>'' where
      <expr> is defined as:

        expr     ::= "true" | "false" 
                   | "!" expr
                   | expr "&&" expr
                   | expr "||" expr
                   | "(" expr ")"
                   | comp
        comp     ::= word "==" word 
                   | word "!=" word
                   | word "<"  word
                   | word "<=" word
                   | word ">"  word
                   | word ">=" word
                   | word "in" "{" wordlist "}"
                   | word "=~" regex
                   | word "!~" regex
        wordlist ::= word 
                   | wordlist "," word
        word     ::= digit
                   | cstring
                   | variable
                   | function
        digit    ::= [0-9]+
        cstring  ::= "..."
        variable ::= "%{" [a-zA-Z][a-zA-Z0-9_-]* "}"
        function ::= funcname "(" funcargs ")"

      Here for %{XXXX} mostly _all_ possible server variables can be looked
      up: the standard CGI variables, the SSL CGI variables, the internal
      variables known from mod_rewrite, etc. pp. The intent is the following:
      With <expr> one can specify an arbitrarily complex boolean expression
      which is evaluated at runtime. When it evaluates to "true" access for
      the current request is granted. If it evaluates to "false" access for
      the current request is denied. The main use for this is for flexible
      certificate screening (because one can lookup all certificate X.509
      fields via %{SSL_CLIENT_xxx}). But it can be used for other
      authentication schemes, too.

      This is now the general authentication workhorse. With it we were able
      to remove the too special SSLRequireCipher and SSLBanCipher directives
      because their functionalities are just special cases of boolean
      expressions:

      SSLRequireCipher C1 C2 ... => SSLRequire %{SSL_CIPHER} in ("C1", "C2", ...)
      SSLBanCipher     C1 C2 ... => SSLRequire not %{SSL_CIPHER} in ("C1", "C2", ...)

      For mod_ssl 2.1.0 (the release version) the above mapping will be done
      automatically on the fly by the backward-compatibility code.
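
      A small evaluator for a subset of the grammar above (constants, "!",
      "&&", "||", parentheses, "==" and "in" over cstring and variable
      words), added here as an example and not mod_ssl's ssl_expr_* code.
      The demo_* names, the variable values and the choice that "&&" binds
      tighter than "||" are assumptions; a syntax error is reported
      separately from "false" so that the caller can deny access.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed request variables; DEMO_DEPT is a hypothetical variable. */
static const char *demo_vars[][2] = {
    { "SSL_CIPHER", "C2" }, { "DEMO_DEPT", "ops" }, { NULL, NULL }
};
typedef struct { const char *p; int err; int steps; } demo_ps;
static int demo_expr(demo_ps *ps);

static int demo_eat(demo_ps *ps, const char *tok) {
    size_t n = strlen(tok);
    while (isspace((unsigned char)*ps->p)) ps->p++;   /* skip blanks */
    if (strncmp(ps->p, tok, n) != 0) return 0;
    ps->p += n;
    return 1;
}

static void demo_until(demo_ps *ps, char stop, char *out, size_t len) {
    size_t n = 0;
    for (; *ps->p && *ps->p != stop; ps->p++)
        if (n + 1 < len) out[n++] = *ps->p;
    out[n] = '\0';
    if (*ps->p == stop) ps->p++; else ps->err = 1;    /* missing close */
}

/* word ::= cstring | variable  (digit and function are left out here) */
static void demo_word(demo_ps *ps, char *out, size_t len) {
    int i;
    out[0] = '\0';
    if (demo_eat(ps, "\"")) { demo_until(ps, '"', out, len); return; }
    if (!demo_eat(ps, "%{")) { ps->err = 1; return; }
    demo_until(ps, '}', out, len);
    for (i = 0; demo_vars[i][0] != NULL; i++)
        if (strcmp(demo_vars[i][0], out) == 0) break;
    /* assumption: an unknown variable expands to the empty string */
    snprintf(out, len, "%s", demo_vars[i][0] ? demo_vars[i][1] : "");
}

/* comp ::= word "==" word | word "in" "{" wordlist "}" */
static int demo_comp(demo_ps *ps) {
    char lhs[128], rhs[128];
    int hit = 0;
    demo_word(ps, lhs, sizeof(lhs));
    if (demo_eat(ps, "==")) { demo_word(ps, rhs, sizeof(rhs)); return strcmp(lhs, rhs) == 0; }
    if (demo_eat(ps, "in") && demo_eat(ps, "{")) {
        do {
            demo_word(ps, rhs, sizeof(rhs));
            if (!ps->err && strcmp(lhs, rhs) == 0) hit = 1;
        } while (!ps->err && demo_eat(ps, ","));
        if (!demo_eat(ps, "}")) ps->err = 1;
        return hit;
    }
    ps->err = 1;
    return 0;
}

/* "true" | "false" | "!" expr | "(" expr ")" | comp */
static int demo_unary(demo_ps *ps) {
    int v;
    if (++ps->steps > 256) { ps->err = 1; return 0; }  /* bounds recursion */
    if (demo_eat(ps, "true"))  return 1;
    if (demo_eat(ps, "false")) return 0;
    if (demo_eat(ps, "!"))     return !demo_unary(ps);
    if (demo_eat(ps, "(")) {
        v = demo_expr(ps);
        if (!demo_eat(ps, ")")) ps->err = 1;
        return v;
    }
    return demo_comp(ps);
}

/* Both operands are always parsed, so errors on the right are not skipped. */
static int demo_and(demo_ps *ps) {
    int v = demo_unary(ps), r;
    while (!ps->err && demo_eat(ps, "&&")) { r = demo_unary(ps); v = v && r; }
    return v;
}
static int demo_expr(demo_ps *ps) {
    int v = demo_and(ps), r;
    while (!ps->err && demo_eat(ps, "||")) { r = demo_and(ps); v = v || r; }
    return v;
}

/* 1 = granted, 0 = denied, -1 = syntax error (the caller must deny). */
int demo_sslrequire(const char *expr) {
    demo_ps ps = { expr, 0, 0 };
    int v = demo_expr(&ps);
    while (isspace((unsigned char)*ps.p)) ps.p++;
    return (ps.err || *ps.p != '\0') ? -1 : v;
}

int main(void) {
    printf("%d\n", demo_sslrequire("%{SSL_CIPHER} in {\"C1\", \"C2\"}"));
    return 0;
}
```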

   *) Removed the __SSLeay prefix inside the source now that the function
      prefixes are documented in the README file.

  Changes with mod_ssl 2.1b2 (02-Sep-1998 to 06-Sep-1998)

   *) Added the first cut of HTTPS support for the proxy module. This is
      currently done by making the generic HTTP handler SSL-aware. But it
      still doesn't provide support for client or server authentication nor
      does it provide a way to configure it. Later we'll add perhaps
      SSLProxyXXXXX directives to allow the users to configure the SSL client
      inside the proxy.  But besides this it's fully functional. One can use it
      for proxying https://xxx URLs and also use `ProxyPass https://xxxx'.
      (the sources of SSLeay's s_client and cURL were my friends ;-)

   *) Replaced old kludges in mod_log_config.c and mod_ssl sources to
      determine SSL protocol name with the clean SSL_get_version() which
      already exists in SSLeay 0.8 and 0.9.

   *) As a result of the new ssl_var_lookup() the function ssl_ExpandCert() with the
      old less-portable and unclean parsing stuff (parsed the DN into the
      fields on a string basis instead of correctly determining the fields
      from SSLeay structures) was kicked out and the environment annotation is
      now done with generic variable lookups. 

   *) Added a new source file named ssl_engine_vars.c which contains
      a waterfall approach to expanding arbitrary server+SSL variables.  The
      main function is ssl_var_lookup() which can operate in different
      contexts. The idea is to resolve information mainly through this
      function when it's required. Currently the usage is: logfile entries,
      environment annotation. In the future this will be also used for the
      SSLRequire directive.

   *) Cleaned up the API command configuration and shortened the code by using
      #defines. Additionally replaced the polymorphic command handling
      functions with real ones (less pointer arithmetic and preparation for
      more config-time syntax checks).

  Changes with mod_ssl 2.1b1 (26-Aug-1998 to 02-Sep-1998)

   *) Again completely rewrote the pass phrase handling. This time because the
      recent discussions on the sw-mod-ssl mailing lists showed that the direct
      caching of pass phrases at run-time and the forcing of the
      administrator to use a single pass phrase for all private key files is
      not really reasonable. Now the pass phrase handling looks this way:

      1. A directive `SSLPassPhraseDialog builtin|exec:/path/to/program'
         is used for configuring the pass phrase dialog. The `builtin' is a
         terminal based dialog while `exec:/path/to/program' runs an external
         program (which gets `servername:port' as the argument for which the
         pass phrase has to be given on stdout).

      2. The `builtin' terminal dialog is now a lot different:
         First it detects wrong pass phrases and gives reasonable error
         messages and second it uses Holger Reif's maximum-reuse idea for the
         pass phrase query:

         When a private key file is encrypted, all known pass phrases (at the
         beginning there are none, of course) are tried. If one of those known
         pass phrases succeeds no dialog pops up for this file.  If none
         succeeded, another pass phrase is queried and remembered for the next
         round (where it perhaps can be reused).  This scheme allows mod_ssl
         to be maximally flexible (because for N encrypted private key files you
         _can_ use N different pass phrases - but then you have to enter all
         of them, of course) while minimizing the dialog (i.e.  when you use a
         single pass phrase for all N private key files this pass phrase is
         queried only once).

      3. After the pass phrase dialog the temporarily remembered pass phrases
         are immediately wiped out from memory. Instead only the
         SSLeay-internal representation of the RSA private key and the X.509
         certificate are stored (as SSLeay already does itself). For this a
         per-module global configuration pool is used which survives Apache
         server restarts. This means that Apache will again no longer fall
         down on restarts.
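
      The maximum-reuse scheme from steps 2 and 3, as an added example that
      is not mod_ssl's own code: decryption is replaced by a string compare,
      the dialog by a scripted answer list, and all demo_* names, file names
      and pass phrases are constructed. The function returns how many times
      the dialog had to pop up.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_MAX_PP 8      /* most pass phrases remembered in one round */
#define DEMO_PP_LEN 64

/* Stand-in for an encrypted private key file: it "decrypts" only with the
 * matching pass phrase (assumption: replaces the real PEM decryption). */
typedef struct { const char *file; const char *secret; } demo_key;

/* Scripted replacement for the terminal dialog: answers given in order. */
typedef struct { const char **answers; int next; int asked; } demo_dialog;

static int demo_try(const demo_key *k, const char *pp)
{
    return strcmp(k->secret, pp) == 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void demo_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Unlocks all keys; returns the number of dialog prompts that were needed,
 * or -1 on a wrong pass phrase, a missing answer or a full table. */
int demo_unlock_all(const demo_key *keys, int nkeys, demo_dialog *dlg)
{
    char known[DEMO_MAX_PP][DEMO_PP_LEN];
    int nknown = 0, i, j, rc = 0;

    for (i = 0; i < nkeys && rc == 0; i++) {
        for (j = 0; j < nknown; j++)          /* try what is already known */
            if (demo_try(&keys[i], known[j])) break;
        if (j < nknown) continue;             /* reused: no dialog */
        if (nknown == DEMO_MAX_PP || dlg->answers[dlg->next] == NULL) {
            rc = -1;
            break;
        }
        snprintf(known[nknown], DEMO_PP_LEN, "%s", dlg->answers[dlg->next++]);
        dlg->asked++;
        if (!demo_try(&keys[i], known[nknown]))
            rc = -1;                          /* wrong pass phrase detected */
        nknown++;
    }
    demo_wipe(known, sizeof(known));          /* step 3: nothing is kept */
    return rc == 0 ? dlg->asked : -1;
}

/* Three keys sharing one pass phrase: a single prompt. */
int demo_case_shared(void)
{
    const demo_key keys[] = { {"a.key", "pp-one"}, {"b.key", "pp-one"}, {"c.key", "pp-one"} };
    const char *answers[] = { "pp-one", NULL };
    demo_dialog d = { answers, 0, 0 };
    return demo_unlock_all(keys, 3, &d);
}

/* Two distinct pass phrases over three keys: two prompts. */
int demo_case_mixed(void)
{
    const demo_key keys[] = { {"a.key", "pp-one"}, {"b.key", "pp-two"}, {"c.key", "pp-one"} };
    const char *answers[] = { "pp-one", "pp-two", NULL };
    demo_dialog d = { answers, 0, 0 };
    return demo_unlock_all(keys, 3, &d);
}

/* A mistyped pass phrase is detected instead of being silently accepted. */
int demo_case_wrong(void)
{
    const demo_key keys[] = { {"a.key", "pp-one"} };
    const char *answers[] = { "pp-0ne", NULL };
    demo_dialog d = { answers, 0, 0 };
    return demo_unlock_all(keys, 1, &d);
}

int main(void)
{
    printf("shared=%d mixed=%d wrong=%d\n",
           demo_case_shared(), demo_case_mixed(), demo_case_wrong());
    return 0;
}
```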

   *) Besides the per-directory and per-server context configurations
      we now use a per-module global configuration pool which survives both
      the Apache API 2nd init round and server restarts. This is done by using
      its own permanent memory sub-pool. The idea for this tricky approach
      came from Philip Gwyn. This global configuration pool now holds
      _all_ previous global variables (ssl_g_xxx). This way mod_ssl now uses
      only a single global variable.

   *) Added ssl_engine_ds.c source which contains new data structures (array
      and table) which are based on Apache's API arrays but can contain
      arbitrary data (important especially for the tables).

   *) Removed all explicit ap_clear_pool() calls which are no longer
      necessary because we already got rid of the gcache stuff
      which required it.

   *) Moved all pass phrase handling stuff into its own source file
      ssl_engine_pphrase.c.

   *) Now the error messages which are duplicated to the general
      Apache error logfile are prefixed with "mod_ssl:" there to
      indicate from where they come.

   *) Forward-port from 2.0.6: Added RSAref support for the US-citizens:
      mod_ssl now automatically recognizes an SSLeay compiled with -DRSAref,
      automatically finds libRSAglue and librsaref.a or rsaref.a.
      Additionally besides SSL_BASE now the variable RSA_BASE can be used to
      select a particular RSAref source tree (if not installed under system
      locations).  This way mod_ssl provides out-of-the-box support for
      SSLeay+RSAref.

   *) Changed SSLSessionCacheDefault from 0 (none) to a reasonable
      300s default.

   *) The socket connection message in the SSL Engine logfile now
      also displays the Cipher keysizes for even more information
      about the connection.

  Changes with mod_ssl 2.1b0 (17-Aug-1998 to 26-Aug-1998)

   *) Added a few files to the distribution: First my PGP public key as
      ssl.contrib/rse.pgp to the distribution so people can use it on
      forthcoming releases to verify the tarball's signature. Second the files
      WISHES and TODO which contain the mod_ssl wishlist and the ToDo-list for
      2.1.0.

   *) Finally fixed the SSL connection deallocation and removed the old
      FREE_SESSION stuff.

   *) Added support for annotating SSLeay error messages. Now some
      of the raw-level SSLeay error messages are automatically annotated with 
      high-level hints. For instance the meaningless message
      ``error:06065064:digital envelope routines:EVP_DecryptFinal:bad
      decrypt'' now reads ``...routines:EVP_DecryptFinal:bad decrypt [Hint:
      wrong pass phrase!?]'' etc.

   *) Removed ERR_load_crypto_strings() call because it's already contained in
      SSL_load_error_strings() from SSLeay 0.8 and 0.9.  Additionally now a
      ERR_clear_error() is done after each logfile entry was written to make
      sure no unread SSLeay errors are kept and occur with later messages
      (where they would confuse people).

   *) Renamed `SSLLogFile' to `SSLLog' because it isn't always a file,
      it also can have an argument "|/path/to/filter" and act as
      a reliable pipe to a logging filter program.

   *) Renamed `SSLRequiredCiphers' directive to `SSLCipherSuite'
      because the Apache-SSL directive name `SSLRequiredCiphers' was a full
      accident. First, it always got intermixed with the per-directory
      context directive `SSLRequireCipher'. Second, it does not set Ciphers
      which are all `required'. It just sets the Ciphers the client is
      permitted to negotiate (the client actually chooses only _one_ Cipher).

   *) Added SSLMutex for mutual exclusion of server process operations.
      This is currently used only for synchronizing access to the new Session
      Cache stuff. Three variants can be configured: `SSLMutex none' (no mutex
      at all - works but risky), `SSLMutex file:/path/to/lockfile' (portable)
      and `SSLMutex ipcsem' (elegant but not portable).

   *) Moved the backward compatibility stuff into its own module:
      mod_sslcompat. This module now already provides configuration directive
      compatibility for both Apache-SSL and Sioux.  More (Stronghold?) can be
      added later, too. Additionally a mod_sslcompat.html document was written
      which describes the provided configuration directive mapping.

   *) Split the mod_ssl sources from its large 70KB file into smaller chunks,
      which are now mainly named according to the logical modules they contain.
      This way the source inside src/modules/ssl/ is easier to overview.  Just
      one minor drawback: We lose a lot of nice `static' and have to prefix
      really _all_ functions with `ssl_' now.

   *) Replaced the gcache stuff from Apache-SSL days with a simpler
      but even more flexible approach. Now the new
      `SSLSessionCache' directive replaces `SSLCacheServerPath' and
      `SSLCacheServerPort'.  The SSLSessionCacheTimeout remains and has the
      old semantics.  So, where is the difference? The old gcache stuff was
      like this: An extra process (ssl_gcache) was running in parallel to the
      httpd server processes and listening to a socket. Through SSLeay
      callbacks the internal SSLeay caches of all server processes were synced
      with this global cache.  For this socket connections were established.
      The drawbacks of this approach were:

      1. The nasty fiddling with the extra child process was totally buggy

      2. The gcache program itself used another local memory cache. This
         was totally unnecessary because SSLeay already caches the stuff in a
         local memory cache. So, under Apache-SSL three cache layers were used
         (1: SSLeay internal, 2: gcache internal, 3: gcache external) while
         layer 2 is not needed.

      So the intent now was to replace this with a better solution. The idea
      came from Stronghold: We either cache the information never (the
      default), in a hashfile on the local disk (the portable variant -
      already implemented) or even in a hash structure inside a shared memory
      segment (non-portable, but fast and elegant - still not implemented,
      only stubs were created to plug this in later).

   *) CORRECTLY SOLVE THE PASS PHRASE DIALOG PROBLEM (the problem is that
      Apache detaches from the terminal before the SSLeay pass phrase dialog
      pops up). First I got rid of the ugly and unsuccessful filedescriptor
      hacks Ben added recently to Apache-SSL because they do not work under
      all platforms as expected. Second I re-ordered the control flow to allow
      the following processing:
      
      Now at the 1st round of the Apache API init cycle the servers are
      scanned for certificate and key files and the first one which uses an
      encrypted key forces the pass phrase dialog to pop up. This dialog is
      either an interactive builtin terminal dialog (`SSLPassPhraseDialog
      builtin' - which is similar to SSLeay default dialog) or can be driven
      in batch by a filtering program which is run once and has to provide the
      pass phrase on stdout (`SSLPassPhraseDialog /path/to/program').  After
      this the pass phrase is _temporarily_ stored in memory for use later in
      the 2nd round of the Apache API init cycle. Now additionally this pass
      phrase can be kept in memory (`SSLPassPhraseCaching on') for forthcoming
      server restarts (`kill -HUP') or is explicitly wiped out from memory
      (`SSLPassPhraseCaching off' - for the paranoid users).

      The following combinations are possible:

      1. THE SMART DEFAULT VARIANT:
         `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching on':
         This is the default which is reasonable for most of the users. This
         way on Apache startup time the pass phrase is requested on the
         terminal but kept in memory for all forthcoming restarts.

      2. THE THEORY VARIANT:
         `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching off':
         This combination leads to a server fall-down on any occurring restarts
         because the terminal dialog _cannot_ be done at restart time (Apache
         is already detached).  So, this combination is only interesting in
         theory but should be avoided because it's not really useful in
         practice.  

      3. THE BATCH VARIANT:
         `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching on':
         This is for users who want to remote control the Apache startup or
         make it automatic by controlling the dialog from within a program.
         This program is run only once at startup. Then the pass phrase is
         kept in memory for forthcoming restarts.

      4. THE PARANOIA VARIANT: 
         `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching off':
         This is for the really paranoid users who want to avoid any pass phrase
         caching. Instead both on startup and restart time the pass phrase has
         to be provided by an external program.
      
   *) The SSL logfile is now placed in the main server instead of the virtual
      host because it's actually a global logfile, even when it could be used
      only inside a virtual server.  

   *) The expensive operation of generating the temporary RSA key is now done
      before Apache forks the server processes. This speeds up the startup
      phase a little bit.

   *) Added new SSLCACertificateReqFile directive which defaults to the value
      of SSLCACertificateFile. It sets the all-in-one file where one can
      assemble the Certificates of Certification Authorities (CA) whose
      servers you deal with. These are optionally used by the clients for
      SSLv3 Server Authentication to speed up processing. The file is requested
      by the client via the "SSLv3 write certificate request A" for loading
      intermediate CA certificates in the certificate chain (only SSLv3). It
      is simply the concatenation of the various PEM-encoded certification
      files, in order of preference.  

   *) Inlined some functions like init_SSLeay() and init_VerifyType() because
      they were really small functions and only used once in mod_ssl. These
      were stand-alone functions in Apache-SSL without real need.

   *) Made `SSLEnable'/`SSLDisable' directives obsolete by adding the simpler
      `SSLEngine on|off'. The old directives are now deprecated but still can
      be used for backward-compatibility with Apache-SSL. Additionally the
      default is now `SSLEngine off' (formerly `SSLDisable') instead of the
      Apache-SSL default of `SSLEngine on'. This breaks a little bit with
      Apache-SSL semantics, but doesn't hurt as much as it sounds.  Because
      people run SSL inside virtual hosts and thus already have an SSLDisable
      in their main (non-SSL) server. The difference is just that with mod_ssl
      one no longer has to add SSLDisable to all non-SSL virtual hosts (which
      is nasty).  OTOH SSL is an additional feature, so the logic of "disabled
      per default and have to be enabled explicitly" is more useful and what is
      expected.

   *) The "SSL rubbish logfile" of Apache-SSL is now replaced by a real
      dedicated SSL logfile which no longer contains "rubbish".  For this the
      logging mechanism in mod_ssl was completely re-written from scratch and
      now looks like this:

      1. `SSLLogFile <file>' is optional
      2. `SSLLogFile /dev/null' disables the logging _without_ overheads
      3. `SSLLogLevel <level>' controls the degree of verbosity in SSLLogFile
      4. `SSLLogLevel none' disables the logging _without_ overheads and is the
         default.
      5. Log messages of type `error' are _always_ duplicated to 
         the Apache general error logfile, even under `SSLLogLevel none'.
      6. The maximum logging can be now achieved by using `SSLLogLevel debug'.

      Additionally obsolete logging stuff from Apache-SSL was removed from the
      source code.  Finally the logfiles in the provided default config were
      changed: ssl_log is now the dedicated SSL protocol logfile (SSLLogFile)
      while the custom logfile (CustomLog) containing only one line per
      request is now named ssl_req_log.

  ____________________________________________________________________________


  Changes with mod_ssl 2.0.6 (25-Aug-1998 to 29-Aug-1998)

   *) Added RSAref support for the US-citizens: mod_ssl now automatically
      recognizes an SSLeay compiled with -DRSAref, automatically finds
      libRSAglue and librsaref.a or rsaref.a.  Additionally besides SSL_BASE
      now the variable RSA_BASE can be used to select a particular RSAref
      source tree (if not installed under system locations). This way mod_ssl
      provides out-of-the-box support for SSLeay+RSAref.

   *) Back-port from 2.1: Replaced assert()ions with non-process-terminating
      runtime checks and removed some unnecessary debugging stuff. 

   *) Back-port from 2.1: Finally fixed the SSL connection deallocation and
      removed the old FREE_SESSION stuff by back-porting the change from the
      2.1 track.

   *) Added PGP public key as ssl.contrib/rse.pgp to the distribution 
      so people can use it on forthcoming releases to verify the tarball's
      signature.

   *) Taken over a change between Apache-SSL 1.22 and 1.23: Move the call for
      launching the gcache program to a later point in processing.

   *) Back-port from 2.1: Removed ERR_load_crypto_strings() call because it's
      already contained in SSL_load_error_strings() from SSLeay 0.8 and 0.9.

  Changes with mod_ssl 2.0.5 (18-Aug-1998 to 25-Aug-1998)

   *) Fix per-server configuration structure merging.

   *) Added support for reliable piped logs to SSLLogFile directive which can
      be used to plug-in a filter program which receives the logfile entries.

   *) Removed per-server check for valid SSLVerifyClient argument because in
      mod_ssl it's no longer possible that an invalid argument can exist at
      run-time because the argument is already validated at config-time.

   *) Removed DEBUG_SSLEAY stuff from Apache-SSL because SSL_debug() no
      longer exists in SSLeay 0.9.x.

   *) Added one more digit at the MOD_SSL define value to indicate beta or
      release versions. The scheme now is the following (only important when
      one has to check against the version of an SSL-aware Apache from within
      an own module): <version>.<revision><type><level> where <version>,
      <revision> and <level> are numbers between 0 and 99 while <type> is
      either `b' (for beta versions) or `.' (for release versions). From
      this the MOD_SSL define is created similar to this command:

          sprintf("%d%02d%d%02d", <version>, <revision>, 
                                  <type> == 'b' ? 0 : 1, <level>);

      As an example: the beta version 2.1b3 has MOD_SSL=201003 while
      the release version 2.1.4 has MOD_SSL=201104.

   *) Fixed typos in mod_ssl.html document and mod_ssl.c source.

   *) Created two buttons similar to the existing "Includes SSLeay
      encryption software" button: One for Apache ("Powered by Apache
      Webserver Software") and one for mod_ssl ("Secured by mod_ssl
      Interface"). These are now put on the default frontdoor webpage at
      install time.

   *) Removed half done DSO-related stuff from Apache-SSL because it's
      useless.  Why? Because mod_ssl currently _cannot_ be built as a DSO,
      because:

      1. Because SSLeay is directly called from within Apache's buffer code
         (SSL_write/SSL_read) because the Apache API lacks a hook for this.
         But direct calls from the core to modules and libraries are taboo under
         DSO situation.

      2. Because mod_ssl is directly called from within Apache's main loop
         for setting up the SSL protocol after the socket connection was
         established because the Apache API lacks a hook for this.  But
         direct calls from the core to modules and libraries are taboo under
         DSO situation.

      3. Because the pass-phrase dialog can be done only before Apache
         detaches from the terminal. But the general order is this:

           a) ap_read_config (where LoadModule is done)
           b) ap_init_modules (where mod_ssl can do the pass-phrase dialog)
           c) detaching
           d) ap_read_config (where DSOs are unloaded and reloaded)
           e) ap_init_modules (where mod_ssl no longer can do the dialog)

         When mod_ssl is not a DSO it can do the pass-phrase dialog in step
         b), but when it's a DSO (assuming 1. and 2. are already solved) then
         it cannot preserve information between b) and e) because it is
         unloaded in the meantime.

      So, for DSO the Apache kernel has to be bloated up with some more
      features. Currently I want to avoid this because DSO is still not
      really worth the effort (there are other things which can be improved in
      mod_ssl first). 

  Changes with mod_ssl 2.0.4 (16-Aug-1998 to 18-Aug-1998)

   *) Added VERSIONS file to the distribution which contains the
      release date and version numbers for reference.

   *) Make sure the server.pem certificate file in sysconfdir/sslcerts/ is
      not overwritten on APACI re-installs. Now a message similar to other
      existing APACI messages informs the user that his certificates are
      preserved.

   *) Added support for SSL_BASE=SYSTEM which means that SSLeay header files,
      libraries, configuration and binary files were not searched under a
      single SSL_BASE root. Instead they are searched inside the common system
      directories like /etc/, /usr/etc, /lib, /usr/lib, /usr/local/lib,
      /usr/include, etc. pp.

   *) Replaced even more old Apache-SSL relicts to make mod_ssl really secure,
      stable and robust: sprintf -> ap_snprintf, strcpy -> ap_cpystrn, fopen ->
      ap_pfopen.

   *) Added U.S. export law information to SUPPORT file to make sure
      mailing list users inside the United States remember the U.S. export law.

  Changes with mod_ssl 2.0.3 (13-Aug-1998 to 16-Aug-1998)

   *) Fixed a few ap_log_error() calls where APLOG_NOERRNO was missing.

   *) For better compatibility with Stronghold and because it is really more
      intuitive we now also provide the CustomLog directives %{subjectdn}c and
      %{issuerdn}c: The (more intuitive) %{subjectdn}c replaced the (confusing)
      %{clientcert}c directive (although %{clientcert}c is still accepted as an
      alias).  And the %{issuerdn}c was added (with the alias %{cacert}c :-( ).
      This way custom logfiles now can contain the certificate issuer as well.

   *) For better configuration sharing with Stronghold (which uses
      the name mod_ssl.c for its module, too) mod_ssl now defines not only the
      C Pre-Processor define MOD_SSL, it now also pre-defines the Apache
      configuration define MOD_SSL. This now can be used with <IfDefine
      MOD_SSL>..</IfDefine> sections without the need to startup Apache
      explicitly with an -DSSL or -DMOD_SSL option. 
   
   *) ANSI C doesn't allow one to forward declare an array variable without
      specifying the actual array size. GCC didn't complain, but other vendor
      compilers (like /bin/cc under IRIX) do. This is now fixed by re-ordering
      the definitions in the code to make the forward declaration not
      necessary.

   *) Let APACI adjust the port 443 to 8443 when installing under a non-root
      UID similar to what Apache already does with adjusting port 80 to 8080.

   *) Fix patch tool location for the situation where the user
      has to compile the stuff manually because of platform errors.

   *) Incorporated changes from Apache-SSL 1.20 to 1.21:
      Was only a single register_cleanup -> ap_register_cleanup rename,
      because all other changes were either already in mod_ssl or will be done
      totally different with the next mod_ssl changes (for instance the
      logging stuff which gets replaced by a more improved version the next
      days - because Ben's idea to now log anything to Apache's error_log
      sounds not reasonable to me).

   *) Fixed variable arg usage in logging functions: va_end was missing.

  Changes with mod_ssl 2.0.2 (11-Aug-1998 to 13-Aug-1998)

   *) Make egrep arguments more safe because they failed under
      Solaris and other platforms. 

   *) Replaced basename() and dirname() functions in aux/patch/backupfile.c
      to avoid conflicts with glibc2's versions of these functions.

   *) Removed ssl.contrib/ssleay.diff because it was only needed
      for the temporarily broken SSLeay 0.9.0b which was staying around on the
      net. 

   *) Now the sslcerts dir is created with permissions 755 and sslkeys 
      with 700 for security reasons.

   *) Now the FAQ inside the mod_ssl.html document has corresponding ToC
      entries. Additionally now the question "What is different between mod_ssl
      and Apache-SSL" is tried to be answered.  And a few hints were added on how
      to check HTTPS manually.

   *) Make the building of the 'patch' tool more robust by checking for
      success and providing a log of the failure. Additionally in case of
      problems the user now can use a --with-patch option to force the usage
      of a vendor patch program.

   *) Cleaned up the gcache stuff even more: reduced #includes
      to minimum and moved some stuff to the header file.

   *) Cleaned up the httpd.conf-dist entries for SSL.

   *) Cleanup mod_log_config.c patch and fixed %{version}c construct:
      It now says "SSLX" even under SSLeay 0.8.0.

   *) Misc. doc adjustments: Fixed a few comment typos in apache.patch file;
      Added Announcement text as ANNOUNCE file to distribution; Fixed
      hyperlinks in mod_ssl.html document and added more useful hyperlinks to
      the README file.

   *) Replaced a lot of C constructs with shorthand defines to
      make the code even more readable and reviewable: 
      o ``strcmp ... == 0'' -> ``strEQ''
      o ``\0'' -> ``NUL''
      o ``ap_get_module_config(...)'' -> ``myXXConfig''
      o ``ap_overlay_tables'' -> ``cfgMergeTable''

   *) Fixed dependencies in src/modules/ssl/Makefile.tmpl

   *) Add Ben Laurie's copyright message to gcache sources, even when Ben
      missed it here. It's from Ben, so his copyright applies and credit has
      to be given. 

  Changes with mod_ssl 2.0.1 (10-Aug-1998 to 11-Aug-1998)

   *) Minor documentation updates.

   *) Now the ssl.patch/apache.diff file is named ssl.patch/apache.patch
      and contains descriptive annotations for each patched file. This way
      even the patches are easier to review.
 
   *) The configure patch was not 100% correct: SSL must not be
      disabled for --enable-module=most (where it should be enabled, of
      course). Instead it has to be disabled automatically for
      --enable-shared=max.
  
  Changes with mod_ssl 2.0.0 (April-1998 to 10-Aug-1998)
  
   *) Added "SSL library type" message to the configuration process
      to inform the user how we recognized the SSLeay location.
 
   *) Added support for conf/sslkeys/ directory both to configure
      script, Makefile.tmpl and default config files. Additionally now on
      "make install" the hash symlinks are created and a dummy server cert
      file is skipped.
 
   *) Fixed prop.sh script.
 
   *) Cleaned up mod_ssl.html document for release.
 
   *) Cleaned up the README file and added a situation report
      about the author conflict with Ben.
 
   *) Incorporated changes from Apache-SSL 1.19 to 1.20:
      - Do a cleanup before starting gcache.
      - Make gcache die when httpd dies. 
        This failing in previous versions appears to be a bug in Apache. 
      - Document the biz with passphrases and sleep.
      - Do Apache-SSL on inetd connections.
      ALL OTHER CHANGES BETWEEN APACHE-SSL 1.19 AND 1.20 WERE ALREADY DONE
      FOR MOD_SSL IN THE PAST BY Ralf S. Engelschall. Because it seems Ben
      just has drawn level Apache-SSL with the mod_ssl pre-release I sent to
      him last week.  Hmmmm...
 
   *) Minor cleanups to README and mod_ssl.html file.
 
   *) Now create the CHANGES.SSL in <apache>/src/ instead of in <apache>/.
 
   *) Moved patch to a subdir aux/patch/ and added prop.sh for
      a visual process indicator while building the aux tools.
 
   *) Slightly fixed the configure scripts messages
 
   *) Added support for checking the Apache version: Now mod_ssl can
      only be applied to the correct matching Apache source tree.
 
   *) Added configurable support for mod_ssl version strings: Now
      a libssl.version file is created inside src/modules/ssl/ which holds
      the mod_ssl version. From this the libssl.module script creates a
      MOD_SSL_VERSION define holding the value as a string ("X.Y.Z") and a
      MOD_SSL define holding the value as a zero-padded numerical value
      (XYYZZ). This way mod_ssl receives the string for the Server field
      and other modules can check against certain mod_ssl versions via #ifdef
      or more granular via #if MOD_SSL >= 20000 or whatever.
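
      The XYYZZ encoding described above, as an added example (not code
      from mod_ssl or its libssl.module script). version_to_number() and
      built_against_mod_ssl_2() are hypothetical names, and the MOD_SSL
      value is a constructed stand-in for the generated define.

```c
#include <ctype.h>
#include <stdio.h>

/* Constructed stand-in for the define libssl.module would generate. */
#define MOD_SSL 20000

/* Parse one decimal component; reject an empty field or a value > max. */
static int parse_component(const char **p, int max)
{
    int v = 0, digits = 0;
    while (isdigit((unsigned char)**p)) {
        v = v * 10 + (**p - '0');
        if (v > max)
            return -1;           /* would not fit its slot in XYYZZ */
        (*p)++;
        digits++;
    }
    return digits ? v : -1;
}

/* Convert "X.Y.Z" to XYYZZ; return -1 for anything else (e.g. "2.1b3"). */
int version_to_number(const char *s)
{
    int x, y, z;
    if ((x = parse_component(&s, 99)) < 0 || *s++ != '.') return -1;
    if ((y = parse_component(&s, 99)) < 0 || *s++ != '.') return -1;
    if ((z = parse_component(&s, 99)) < 0 || *s != '\0') return -1;
    return x * 10000 + y * 100 + z;
}

/* How another module can gate code on the numeric define. */
int built_against_mod_ssl_2(void)
{
#if defined(MOD_SSL) && MOD_SSL >= 20000
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    printf("2.0.1 -> %d\n", version_to_number("2.0.1"));
    printf("gate  -> %d\n", built_against_mod_ssl_2());
    return 0;
}
```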
    
   *) Added support for names to the SSLVerifyClient directive: Now the ugly
      numerical levels 0-2 are still valid but can be replaced by more
      readable names: "none", "optional", "require" and "optional_no_ca".
 
   *) Added Makefile for conf/sslcerts/ directory to keep <hash>.0 
      symlinks up-to-date.
 
   *) Translated the FAQ into HTML format and appended it to mod_ssl.html.
      Additionally I created a ca.sign script and a Makefile for sslcert/ in
      relation to the FAQ.
 
   *) Enhanced the logfile support: First I've converted nasty
      fprintf(stderr,..) to ap_log_error() variants. Second I've moved the
      fprintf(pConfig->fileLogfile,...) to ssl_log_own(pConfig,...) calls.
      And third error messages are now consistently prefixed with "mod_ssl:"
      and "SSLeay:" - depending on where an error comes from. And fourth I've
      added the word "SSL" to a lot of messages to indicate the
      SSL-relationship.  Additionally I removed doubled ERR_print_xxx calls.
  
   *) Cleaned up the namespace by adding lots of `static's, so only the
      module structure and the SSL_HOOK_xxx symbols are now exported.
 
   *) Fixed up Apache API structures for Apache 1.3: added MODULE_VAR_EXPORT
      for consistency and missing module structure dispatch pointers.
       
   *) Completely renamed the functions to use common prefixes which
      indicate their relationship and ordered the functions according to this
      relationship. Additionally a complete list of prototypes is now
      provided in mod_ssl.h. The order of functions now reflects the logical
      order when one wants to review the module: 1. API structures, 2. config
      handling, 3. directive handling, 4. init functions, 5. API hooks, 6.
      internals, 7. caching support, 8. logfile support and 9. utility
      functions.  Additionally I cleaned up the namespace of global data
      symbols: They now all have the prefix "g_": bFirstTime -> g_bFirstTime,
      szCacheServerPort -> g_szCacheServerPort, szCacheServerPath ->
      g_szCacheServerPath, s_pServer -> g_pServer.

   *) Now all stuff for SSLeay < 0.8.0 is removed because an #error was
      already given and there is no real need to support these versions any
      longer. As a consequence we now also could remove the CACHE_SESSIONS
      #ifdef mess because this was enabled for >= 0.8.0 for a long time.

   *) Cleaned up the mess inside ap_config.h where TRUE, FALSE and BOOL
      were globally defined even though they were only used by mod_ssl.  Now
      all stuff mod_ssl needs is inside mod_ssl.h and not spread over the
      Apache sources without need. I've also cleaned up the "uchar"
      definition because this was defined only by coincidence. I've also
      replaced ugly return 0's with return FALSE and -1 by UNSET when the
      context was the one for UNSET (like for VerifyType). Additionally I
      replaced some incorrect declarations (extern uid_t ap_user_id) by
      including the correct header file (http_config_globals.h). In the same
      spirit of cleanness I've replaced the numerical filedescriptor numbers
      by the STDXX_FILENO aliases.

   *) Fixed a nasty bug: When a startup error occurred an exit() was done.
      But an already started ssl_gcache program was not terminated because
      the exit() doesn't give Apache a chance to cleanup the pools (where the
      program is registered). Fixed by adding a bunch of ap_clear_pool()
      calls before the exit() calls. Additionally some more missing exit()'s
      were added to config checks. And last but not least a termination
      message is now created by ssl_gcache when it is terminated so one now
      sees both the start and the termination of the ssl_gcache program in
      the logfiles.
 
   *) Replaced various sprintf()'s by the safer and more correct ap_snprintf()
      variants. Same for fopen() and ap_pfopen() and other such functions.
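
      A bounded formatter that applies the "mod_ssl:" / "SSLeay:" prefixes
      from the logfile entry above and reports truncation, as an added
      example (not code from mod_ssl). It uses C99 vsnprintf() as a stand-in
      for Apache's ap_snprintf(); log_format() and the enum are hypothetical
      names, and the sample messages are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

enum log_source { SRC_MOD_SSL, SRC_SSLEAY };

/*
 * Write "<prefix><message>" into buf, never touching more than len bytes.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error.
 * With sprintf() the same call would write past buf on long input.
 */
int log_format(char *buf, size_t len, enum log_source src,
               const char *fmt, ...)
{
    const char *prefix = (src == SRC_SSLEAY) ? "SSLeay: " : "mod_ssl: ";
    size_t plen = strlen(prefix);
    va_list ap;
    int n;

    if (buf == NULL || len <= plen)
        return -1;                      /* no room for prefix plus NUL */
    memcpy(buf, prefix, plen);

    va_start(ap, fmt);
    n = vsnprintf(buf + plen, len - plen, fmt, ap);
    va_end(ap);

    if (n < 0) {
        buf[0] = '\0';                  /* encoding error: emit nothing */
        return -1;
    }
    /* C99: n is the length the message needed, not what was stored. */
    return ((size_t)n >= len - plen) ? 1 : 0;
}

int main(void)
{
    char line[16];
    /* Constructed input: external data is an argument, never the format. */
    int rc = log_format(line, sizeof line, SRC_MOD_SSL, "%s",
                        "AAAAAAAAAAAAAAAAAAAA");
    printf("rc=%d line=\"%s\"\n", rc, line);
    return 0;
}
```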
 
   *) Prefixed all SSLeay function calls with __SSLeay to mark them
      for reviewing. I'm still not happy with this long and ugly reading
      prefix but need to use an initial one which doesn't conflict.
      Additionally I've then grep'ed out all __SSLeay prefixed symbols,
      sorted them by group and inserted them into a README which can help
      identifying the used SSLeay API functions. The whole intent is
      just to make reviewing of the code easier, because this is
      really important for security related sources.

   *) A lot of various minor cleanups and fixes: For instance I've corrected the
      directive descriptions, added some descriptive source comments, etc.
      Really too many of these minor cleanups to write them down, sorry.
 
   *) Added an FAQ file, assembled from some information found
      on www.apache-ssl.org

   *) Incorporated the changes between Apache-SSL 1.18-1.19
 
   *) Added back support for the old Apache 1.2 way of configuring and
      building by placing the SSL_BASE into src/Configuration.tmpl and
      providing steps in INSTALL, too.

   *) Added a complete Apache-style mod_ssl.html document which describes all
      mod_ssl directives in detail. I've also painted a nice mod_ssl logo out
      of the old mod_rewrite logo parts and a safety lock which secures the
      feather. The SSLeay logo is also part of the document to give credit.

   *) Added a `configure' frontend script for easily applying the mod_ssl
      source extension and patches to the Apache source tree. It also can
      replace APACI's configure script by running it in the background.
      Additionally a slightly changed GNU patch 2.1 tool is distributed under
      aux/ subdir to make sure the source patching works reliably because
      newer patches have problems with the apache.diff file and some systems
      have no "patch" at all.

   *) Split definitions from mod_ssl.c into own mod_ssl.h and converted all
      source files to the Apache coding styles to be consistent with the
      officially distributed Apache sources.
 
   *) Generation of a certificate is supported via top-level "make
      certificate" which correctly finds SSLeay both when SSLeay tree is the
      source tree or the installed tree.
 
   *) Added SSLNeedsSSL to config files and cleaned up the
      SSL-related stuff at the end of httpd.conf-dist.

   *) Out-of-the-box installation for a SSL-aware Apache is provided by
      automatically installing the certificate and the ssl_gcache program.
      Additionally the SSL-related directives in the extended httpd.conf file
      are adjusted, so one immediately can fire up an SSL-aware httpd.

   *) The name of the binary is now again "httpd" instead of the "httpsd"
      because "httpsd" reads ugly and confuses APACI. And there is no real
      need to distinguish between them, because one still can compile a
      standard Apache even after mod_ssl was applied to the Apache source
      tree. Or why isn't everybody using httppd just because mod_perl is
      built in? Bingo!
 
   *) Added Apache 1.3 Autoconf-style Interface (APACI) support to
      automatically enable the SSL module via --enable-module=ssl.  This also
      triggers the MOD_PERL define, so without this APACI option you still
      can build a standard Apache.

   *) Use the official Apache 1.3 way of adding strings to the
      HTTP Server header: via ap_add_version_component() instead of patching
      the defines in httpd.h.  Additionally it now creates a header like
      ``Server: Apache/1.3.1-dev (Unix) mod_ssl/2.0.0 SSLeay/0.9.0a'' i.e.
      SSLeay is part of the Server header. Because SSLeay's version is more
      important than mod_ssl's.

   *) Removed all broken parts in the original Ben-SSL patch, for instance
      incorrectly added newlines, incorrectly moved SecureWare, etc.

   *) Removed nasty terminal messages like "Skip first time initialization",
      "Launching ....", etc. These can be enabled in the future by using the
      ap_log_error stuff.

   *) Fixed incorrect log_ssl_info prototypes in mod_log_config.c from
      Ben-SSL patch and fixed minor other things.

   *) Cleaned up mod_ssl.c (formerly apache_ssl.c): removed unused variables
      mod_ssl.c, added prototypes, moved extern prototypes. Actually I've
      made it run quietly through ``gcc -Wall -Wshadow -Wpointer-arith
      -Wcast-align -Wmissing-prototypes -Wmissing-declarations
      -Wnested-externs -Winline'', etc.

   *) Renamed apache_ssl.c to mod_ssl.c for consistency and also
      to avoid problems inside APACI. Additionally the APACHE_SSL define was
      renamed to MOD_SSL which is also consistent with the behaviour of
      mod_perl which uses MOD_PERL.

   *) *GENESIS*: Based the complete code on Ben Laurie's latest Apache-SSL
      patch (Ben-SSL) version "apache_1.3.0+ssl_1.18". To avoid confusion and
      to show that it's second generation stuff the mod_ssl version starts
      with 2.0.0. I've merged in all my previous work on Apache-SSL for
      Apache 1.3b, i.e. especially the APACI stuff.

