author: (no author) <(no author)@unknown>, 2002-06-13 20:30:09 +0000
committer: (no author) <(no author)@unknown>, 2002-06-13 20:30:09 +0000
commit: bbc49505b385c8d5b0f195bae5750cdcee88518e
tree: 739dcd4ea40d9167cbcc190c5893d47b223bd22a /modules/ssl/README
parent: f75ee91d7e13eb78b121cd589ce619c780ca344c
This commit was manufactured by cvs2svn to create branch 'unlabeled-1.436.2'.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/unlabeled-1.436.2@95658 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/README')
-rw-r--r-- modules/ssl/README | 129
1 files changed, 0 insertions, 129 deletions
diff --git a/modules/ssl/README b/modules/ssl/README
deleted file mode 100644
index b24af26fe5..0000000000
--- a/modules/ssl/README
+++ /dev/null
@@ -1,129 +0,0 @@
-SYNOPSIS
-
- This Apache module provides strong cryptography for the Apache 2.0 webserver
- via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
- v1) protocols by the help of the SSL/TLS implementation library OpenSSL which
- is based on SSLeay from Eric A. Young and Tim J. Hudson.
-
- The mod_ssl package was created in April 1998 by Ralf S. Engelschall
- and was originally derived from software developed by Ben Laurie for
- use in the Apache-SSL HTTP server project. The mod_ssl implementation
- for Apache 1.3 continues to be supported by the modssl project
- <http://www.modssl.org/>.
-
-SOURCES
-
- See the top-level LAYOUT file in httpd-2.0 for file descriptions.
-
- The source files are written in clean ANSI C and pass the ``gcc -O -g
- -ggdb3 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
- -Wmissing-declarations -Wnested-externs -Winline'' compiler test
- (assuming `gcc' is GCC 2.95.2 or newer) without any complains. When
- you make changes or additions make sure the source still passes this
- compiler test.
-
-FUNCTIONS
-
- Inside the source code you will be confronted with the following types of
- functions which can be identified by their prefixes:
-
- ap_xxxx() ............... Apache API function
- ssl_xxxx() .............. mod_ssl function
- SSL_xxxx() .............. OpenSSL function (SSL library)
- OpenSSL_xxxx() .......... OpenSSL function (SSL library)
- X509_xxxx() ............. OpenSSL function (Crypto library)
- PEM_xxxx() .............. OpenSSL function (Crypto library)
- EVP_xxxx() .............. OpenSSL function (Crypto library)
- RSA_xxxx() .............. OpenSSL function (Crypto library)
-
-DATA STRUCTURES
-
- Inside the source code you will be confronted with the following
- data structures:
-
- server_rec .............. Apache (Virtual) Server
- conn_rec ................ Apache Connection
- request_rec ............. Apache Request
- SSLModConfig ............ mod_ssl (Global) Module Configuration
- SSLSrvConfig ............ mod_ssl (Virtual) Server Configuration
- SSLDirConfig ............ mod_ssl Directory Configuration
- SSLConnConfig ........... mod_ssl Connection Configuration
- SSLFilterRec ............ mod_ssl Filter Context
- SSL_CTX ................. OpenSSL Context
- SSL_METHOD .............. OpenSSL Protocol Method
- SSL_CIPHER .............. OpenSSL Cipher
- SSL_SESSION ............. OpenSSL Session
- SSL ..................... OpenSSL Connection
- BIO ..................... OpenSSL Connection Buffer
-
- For an overview how these are related and chained together have a look at the
- page in README.dsov.{fig,ps}. It contains overview diagrams for those data
- structures. It's designed for DIN A4 paper size, but you can easily generate
- a smaller version inside XFig by specifing a magnification on the Export
- panel.
-
-EXPERIMENTAL CODE
-
- Experimental code is always encapsulated as following:
-
- | #ifdef SSL_EXPERIMENTAL_xxxx
- | ...
- | #endif
-
- This way it is only compiled in when this define is enabled with
- the APACI --enable-rule=SSL_EXPERIMENTAL option and as long as the
- C pre-processor variable SSL_EXPERIMENTAL_xxxx_IGNORE is _NOT_
- defined (via CFLAGS). Or in other words: SSL_EXPERIMENTAL enables all
- SSL_EXPERIMENTAL_xxxx variables, except if SSL_EXPERIMENTAL_xxxx_IGNORE
- is already defined. Currently the following features are experimental:
-
- o SSL_EXPERIMENTAL_ENGINE
- The ability to support the new forthcoming OpenSSL ENGINE stuff.
- Until this development branch of OpenSSL is merged into the main
- stream, you have to use openssl-engine-0.9.x.tar.gz for this.
- mod_ssl automatically recognizes this OpenSSL variant and then can
- activate external crypto devices through SSLCryptoDevice directive.
-
-INCOMPATIBILITIES
-
- The following intentional incompatibilities exist between mod_ssl 2.x
- from Apache 1.3 and this mod_ssl version for Apache 2.0:
-
- o The complete EAPI-based SSL_VENDOR stuff was removed.
- o The complete EAPI-based SSL_COMPAT stuff was removed.
- o The <IfDefine> variable MOD_SSL is no longer provided automatically
-
-MAJOR CHANGES
-
- For a complete history of changes for Apache 2.0 mod_ssl, see the
- CHANGES file in the top-level httpd-2.0 directory. The following
- is a condensed summary of the major changes were made between
- mod_ssl 2.x from Apache 1.3 and this mod_ssl version for Apache 2.0:
-
- o The DBM based session cache is now based on APR's DBM API only.
- o The shared memory based session cache is now based on APR's APIs.
- o SSL I/O is now implemented in terms of filters rather than BUFF
- o Eliminated ap_global_ctx. Storing Persistant information in
- process_rec->pool->user_data. The ssl_pphrase_Handle_CB() and
- ssl_config_global_* () functions have an extra parameter now -
- "server_rec *" - which is used to retrieve the SSLModConfigRec.
- o Properly support restarts, allowing mod_ssl to be added to a server
- that is already running and to change server certs/keys on restart
- o Various performance enhancements
- o proxy support is no longer an "extension", much of the mod_ssl core
- was re-written (ssl_engine_{init,kernel,config}.c) to be generic so
- it could be re-used in proxy mode.
- - the optional function ssl_proxy_enable is provide for mod_proxy
- to enable proxy support
- - proxy support now requires 'SSLProxyEngine on' to be configured
- - proxy now supports SSLProxyCARevocation{Path,File} in addition to
- the original SSLProxy* directives
- o per-directory SSLCACertificate{File,Path} is now thread-safe but
- requires SSL_set_cert_store patch to OpenSSL
- o RSA sslc is supported via ssl_toolkit_compat.h
- o the ssl_engine_{ds,ext}.c source files are obsolete and no longer
- exist
-
-TODO
-
- See the top-level STATUS file in httpd-2.0 for current efforts and goals.
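Review bot: the commit message gives no reason for dropping modules/ssl/README on branch 'unlabeled-1.436.2', and the removed INCOMPATIBILITIES and MAJOR CHANGES sections hold operational notes that appear nowhere else in this diff: that proxy support "now requires 'SSLProxyEngine on' to be configured", that per-directory SSLCACertificate{File,Path} is thread-safe only with the SSL_set_cert_store patch to OpenSSL, and that the <IfDefine> variable MOD_SSL is no longer provided automatically. Since the message only says the commit was manufactured by cvs2svn, it should state whether the file is absent from this branch on purpose, and if the branch still ships mod_ssl these three notes should be kept in the README or moved to a file that stays on the branch. The same applies to the EXPERIMENTAL CODE section, which is the only description here of how SSL_EXPERIMENTAL_xxxx and SSL_EXPERIMENTAL_xxxx_IGNORE gate what gets compiled in.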