You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rob Hartill <ha...@hyperreal.com> on 1996/02/14 17:13:46 UTC

SSL patch for Apache 1.0.2 WWW server (fwd)

no ack sent

Forwarded message:
> From wacek@tpg.krakow.pl  Wed Feb 14 04:35:15 1996
> X-Sender: wacek@numeron
> Message-Id: <v01530504ad477aa9aa87@[192.168.5.112]>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Wed, 14 Feb 1996 13:36:33 +0100
> To: eay@minicom.oz.au
> From: wacek@tpg.krakow.pl (Waclaw Sierek)
> Subject: SSL patch for Apache 1.0.2 WWW server
> Cc: apache-bugs@mail.apache.org
> 
> Using SSLeay-0.5.1a I was able to add SSL functionality to Apache WWW server.
> I uploaded apache-1.0.2-ssl.patch.tar.gz into ftp.psy.uq.oz.au/incoming
> 
> There are 2 files: ssl_fgets.c which should go to apache_1.0.2/src/
> and apache-ssl.patch which is actual patch
>    cd apache_1.0.2/src/ ; patch < apache-ssl.patch
> 
> Server is assumed to be SSL server if and only if there is
> CertificateFile /path/filename
> option in  <VirtualHost> section
> /path/filename should point to PEM encoded file containing both X509 certificate
> and RSAPrivate key
> 
> Known problems:
> NPH scripts want work over SSL connection (it's due to the way Apache handles
> NPH scripts), and also any module that by-passes procedures defined in
> http_protocol.c (i.e. writes directly to socket) will fail/have to be
> patched.
> Server uses global SSL_CTX and SSL structs so it'll have to be rewriten once
> Apache is ported to multithreaded environment.
> 
> (Suggestion for Apache Team - it would make further development easier if
> all procedures writing to socket (e.g. getline) take conn_rec struct
> instead of file
> descriptor of FILE*, I'm willing to work on this and submit patches if it's
> OK with your development policy)
> 
> As long as the contribution remains (OK it was pretty easy but it took some
> time anyway), I put no restriction on usage of this code, and I take no
> resposibility whatsoever (standard disclaimer applies).
> So as long as it's OK with Apache and SSLeay Licenses it may be used for
> comercial purposes (last time I checked it was perfectly OK to use both
> Apache and SSLeay were free to use for any purpose).
> 
> Final note:
> Although I take no resposibility for this code I do intend to improove
> it/support future versions of Apache/SSLeay. Questions, suggetsions, bug
> reports may be send to wacek@tpg.krakow.pl.
> Working example of Apache-SSL server may be found on https://www.tpg.krakow.pl/
> 
> 
> Waclaw Sierek                Al. Mickiewicza 31     tel (+48 12) 235516
> Sofware Engineer             31-120 Krakow          fax (+48 12) 234540
> The Polished Group Ltd.      Poland                 wacek@tpg.krakow.pl
> 
> 
>