Posted to cvs@httpd.apache.org by wr...@apache.org on 2007/03/22 04:00:04 UTC

svn commit: r521093 - in /httpd/site/trunk/dist/binaries/win32: HEADER.html README.html

Author: wrowe
Date: Wed Mar 21 20:00:03 2007
New Revision: 521093

URL: http://svn.apache.org/viewvc?view=rev&rev=521093
Log:
Split this into the description, and cryptographic notice.

Modified:
    httpd/site/trunk/dist/binaries/win32/HEADER.html
    httpd/site/trunk/dist/binaries/win32/README.html

Modified: httpd/site/trunk/dist/binaries/win32/HEADER.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/binaries/win32/HEADER.html?view=diff&rev=521093&r1=521092&r2=521093
==============================================================================
--- httpd/site/trunk/dist/binaries/win32/HEADER.html (original)
+++ httpd/site/trunk/dist/binaries/win32/HEADER.html Wed Mar 21 20:00:03 2007
@@ -7,6 +7,7 @@
 <li><a href="#problems">Problems Installing or Running Apache 2</a></li>
 <li><a href="#released">Obtain the Current Stable Release</a><br/></li>
 <li><a href="#source">Debugging and Source Code</a></li>
+<li><a href="#crypto">Cryptographic Software Notice</a></li>
 </ul>
 
 <h2>Download from your
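
Review bot: the new list item links to "#crypto", but the anchor it targets (`<a name="crypto">`) is defined by this commit in README.html, not in HEADER.html. The link resolves only when both files are rendered into the same page, so please confirm HEADER.html is never served on its own, or add an HTML comment beside the `<li>` noting that the anchor lives in README.html.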

Modified: httpd/site/trunk/dist/binaries/win32/README.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/binaries/win32/README.html?view=diff&rev=521093&r1=521092&r2=521093
==============================================================================
--- httpd/site/trunk/dist/binaries/win32/README.html (original)
+++ httpd/site/trunk/dist/binaries/win32/README.html Wed Mar 21 20:00:03 2007
@@ -99,25 +99,11 @@
 <p>The -win32-x86-no_ssl.msi packages do not contain any cryptographic software,
    such as OpenSSL, mod_ssl, nor an https: enabled abs utility.</p>
 
-<p>The -win32-x86-openssl.msi packages do contain cryptographic software,
-   including OpenSSL, mod_ssl, and an https: enabled version of the ab 
-   ApacheBench utility.  The country in which you currently reside may have
-   restrictions on the import, possession, use, and/or re-export to another 
-   country, of encryption software.  BEFORE using any encryption software,
-   please check your country's laws, regulations and policies concerning the
-   import, possession, or use, and re-export of encryption software, to see 
-   if this is permitted.  See <http://www.wassenaar.org/> for more
-   information.</p>
-
-<p>The U.S. Government Department of Commerce, Bureau of Industry and
-   Security (BIS), has classified this software as Export Commodity 
-   Control Number (ECCN) 5D002.C.1, which includes information security
-   software using or performing cryptographic functions with asymmetric
-   algorithms.  The form and manner of this Apache Software Foundation
-   distribution makes it eligible for export under the License Exception
-   ENC Technology Software Unrestricted (TSU) exception (see the BIS 
-   Export Administration Regulations, Section 740.13) for both object 
-   code and source code.</p>
+<p>The -win32-x86-openssl-(version).msi package includes an https: enabled
+   abs.exe utility, mod_ssl.so TLS/SSL protocol module, and a binary
+   distribution of the specified version of OpenSSL.  Please review the
+   <a href="#crypto">Cryptographic Software Notice</a> carefully before 
+   downloading, using or redistributing this package.</p>
 
 <h3>The 2.0 legacy stable release is Apache 2.0.59</h3>
 
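
Review bot: the replacement paragraph refers to an "abs.exe utility" where the removed text spelled it out as "an https: enabled version of the ab ApacheBench utility", so the name ApacheBench no longer appears in this passage; consider "abs.exe (ApacheBench) utility". The package pattern also becomes -win32-x86-openssl-(version).msi while the unchanged paragraph just above still reads -win32-x86-no_ssl.msi with no version placeholder, and the two should follow one convention.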
@@ -179,3 +165,49 @@
    patches_applied/openssl-0.9.8d-vc32.patch to modify that build, and
    have proposed this patch back to the project for its consideration.</p>
 
+<h2><a name="crypto">Cryptographic Software Notice</a></h2>
+
+<p>This distribution may include software that has been designed for use with
+cryptographic software.  The country in which you currently reside may have
+restrictions on the import, possession, use, and/or re-export to another
+country, of encryption software.  BEFORE using any encryption software, please
+check your country's laws, regulations and policies concerning the import,
+possession, or use, and re-export of encryption software, to see if this is
+permitted.  See <a href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>
+for more information.</p>
+
+<p>The U.S. Government Department of Commerce, Bureau of Industry and Security
+(BIS), has classified this software as Export Commodity Control Number (ECCN)
+5D002.C.1, which includes information security software using or performing
+cryptographic functions with asymmetric algorithms.  The form and manner of
+this Apache Software Foundation distribution makes it eligible for export
+under the License Exception ENC Technology Software Unrestricted (TSU)
+exception (see the BIS Export Administration Regulations, Section 740.13)
+for both object code and source code.</p>
+
+<p>The following provides more details on the included files that may be
+subject to export controls on cryptographic software:</p>
+
+<p>Apache httpd 2.0 and later versions include the mod_ssl module under
+modules/ssl/ for configuring and listening to connections over SSL encrypted
+network sockets by performing calls to a general-purpose encryption library,
+such as OpenSSL or the operating system's platform-specific SSL facilities.
+</p>
+
+<p>In addition, some versions of apr-util provide an abstract interface for
+SSL encrypted network sockets in the files under the directory 
+srclib/apr-util/ssl/ that makes use of a general-purpose encryption library, 
+such as OpenSSL or the operating system's platform-specific SSL facilities.  
+Apache httpd currently does not use that apr-util interface.</p>
+
+<p>Some object code distributions of Apache httpd, indicated with the word
+"crypto" in the package name, may include object code for the OpenSSL
+encryption library as distributed in open source form from
+<a href="http://www.openssl.org/source/">http://www.openssl.org/source/</a>.
+</p>
+
+<p>The above files are optional and may be removed if the cryptographic
+functionality is not desired or needs to be excluded from redistribution.
+Distribution packages of Apache httpd that include the word "nossl" in the
+package name have been created without the above files and are therefore not
+subject to this notice.</p>
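
Review bot: the last two added paragraphs identify affected packages by the words "crypto" and "nossl" in the package name, but the packages this README describes are named -win32-x86-openssl-(version).msi and -win32-x86-no_ssl.msi, so neither word matches anything a reader will see in this directory. Suggest using "openssl" and "no_ssl" in this copy of the notice, or adding one sentence that maps the two naming schemes, so it is clear which downloads the notice covers.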