                       _             _ 
   _ __ ___   ___   __| |    ___ ___| |  
  | '_ ` _ \ / _ \ / _` |   / __/ __| |  
  | | | | | | (_) | (_| |   \__ \__ \ |  mod_ssl - Apache Interface to SSLeay  
  |_| |_| |_|\___/ \__,_|___|___/___/_|  http://www.engelschall.com/sw/mod_ssl/
                       |_____|         
  _____________________________________________________________________________


  ChangeLog
  ---------

  Changes with mod_ssl 2.0.6

   *) Added RSAref support for the US-citizens: mod_ssl now automatically
      recognizes an SSLeay compiled with -DRSAref, automatically finds
      libRSAglue and librsaref.a or rsaref.a.  Additionally beside SSL_BASE
      now the variable RSA_BASE can be used to select a particular RSAref
      source tree (if not installed under system locations). This way mod_ssl
      provides out-of-the-box support for SSLeay+RSAref.

   *) Back-port from 2.1: Replaced assert()ions with non-process-terminating
      runtime checks and removed some unnecessary debugging stuff. 

   *) Back-port from 2.1: Finally fixed the SSL connection deallocation and
      removed the old FREE_SESSION stuff by back-porting the change from the
      2.1 track.

   *) Added PGP public key as ssl.contrib/rse.pgp to the distribution 
      so people can use it on forthcoming releases to verify the tarballs
      signature.

   *) Taken over a change between Apache-SSL 1.22 and 1.23: Move the call for
      launching the gcache program to a later point in processing.

   *) Back-port from 2.1: Removed ERR_load_crypto_strings() call because it's
      already contained in SSL_load_error_string() from SSLeay 0.8 and 0.9.

  Changes with mod_ssl 2.0.5

   *) Fix per-server configuration structure merging.

   *) Added support for reliable piped logs to SSLLogFile directive which can
      be used to plug-in a filter program which receives the logfile entries.

   *) Removed per-server check for valid SSLVerifyClient argument because in
      mod_ssl it's no longer possible that an invalid argument can exit under
      run-time because the argument is already validated under config-time.

   *) Removed DEBUG_SSLEAY stuff from Apache-SSL because SSL_debug() does no
      longer exist in SSLeay 0.9.x.

   *) Added one more digit at the MOD_SSL define value to indicate beta or
      release versions. The scheme now is the following (only important when
      one has to check against the version of an SSL-aware Apache from within
      an own module): <version>.<revision><type><level> where <version>,
      <revision> and <level> are numbers between 0 and 99 while <type> is
      either `b' (for beta versions) or `.' (for release versions). From
      this the MOD_SSL define is created similar to this command:

          sprintf("%d%02d%c%02d", <version>, <revision>, 
                                  <type> == `b' ? 0 : 1, <level>);

      As an example: the beta version 2.1b3 has MOD_SSL=201003 while
      the release version 2.1.4 has MOD_SSL=201104.

   *) Fixed typos in mod_ssl.html document.

   *) Fixed typos in mod_ssl.c source.

   *) Created two buttons similar to the existing "Includes SSLeay
      encryption software" button: One for Apache ("Powered by Apache
      Webserver Software") and one for mod_ssl ("Secured by mod_ssl
      Interface"). These are now put on the default frontdoor webpage at
      install time.

   *) Removed half done DSO-related stuff from Apache-SSL because it's
      useless.  Why? Because mod_ssl currently _cannot_ be build as a DSO,
      because:

      1. Because SSLeay is directly called from within Apache's buffer code
         (SSL_write/SSL_read) because the Apache API lacks a hook for this.
         But direct calls from the core to modules and libraries is tabu under
         DSO situation.

      2. Because mod_ssl is directly called from within Apache's main loop
         for setting up the SSL protocol after the socket connection was
         established because the Apache API lacks a hook for this.  But
         direct calls from the core to modules and libraries is tabu under
         DSO situation.

      3. Because the pass-phrase dialog can be done only before Apache
         detaches from the terminal. But the general order is this:

           a) ap_read_config (where LoadModule is done)
           b) ap_init_modules (where mod_ssl can do the pass-phrase dialog)
           c) detaching
           d) ap_read_config (where DSOs are unloaded and reloaded)
           e) ap_init_modules (where mod_ssl no longer can do the dialog)

         When mod_ssl is not a DSO it can do the pass-phrase dialog in step
         b), but when it's a DSO (assuming 1. and 2. are already solved) then
         it cannot preserve information between b) and e) because it is
         unloaded in the meantime.

      So, for DSO the Apache kernel has to be bloated up with some more
      features. Currently I want to avoid this because DSO is still not not
      really worth the effort (there are other things which can be improved in
      mod_ssl first). 

  Changes with mod_ssl 2.0.4

   *) Added VERSIONS file to the distribution which contains the
      release date and version numbers for reference.

   *) Make sure the server.pem certificate files in sysconfdir/sslcerts/ is
      not overridden on APACI re-installs. Now a message simular to other
      existing APACI messages informs the user that his certificates are
      preserved.

   *) Added support for SSL_BASE=SYSTEM which means that SSLeay header files,
      libraries, configuration and binary files were not searched under a
      single SSL_BASE root. Instead they are searched inside the common system
      directories like /etc/, /usr/etc, /lib, /usr/lib, /usr/local/lib,
      /usr/include, etc. pp.

   *) Replaced even more old Apache-SSL relicts to make mod_ssl really secure,
      stable and robust: sprintf -> ap_snprinf, srcpy -> ap_cpystrn, fopen ->
      ap_pfopen. 

   *) Added U.S. export law information to SUPPORT file to make sure
      mailing list users inside the United States remember the U.S. export law.

  Changes with mod_ssl 2.0.3

   *) Fixed a view ap_log_error() calls where APLOG_NOERRNO was missing.

   *) For better compatibility with Stronghold and because it is really more
      intuitive we now also provide the CustomLog directives %{subjectdn}c and
      %{issuerdn}c: The (more intuitive) %{subjectdn}c replaced the (confusing)
      %{clientcert}c directive (although %{clientcert}c is still accepted as an
      alias).  And the %{issuerdn}c was added (with the alias %{cacert}c :-( ).
      This way custom logfiles now can contain the certificate issuer as well.

   *) For better configuration sharing with Stronghold (which uses
      the name mod_ssl.c for its module, too) mod_ssl now defines not only the
      C Pre-Processor define MOD_SSL, it now also pre-defines the Apache
      configuration define MOD_SSL. This now can be used with <IfDefine
      MOD_SSL>..</IfDefine> sections without the need to startup Apache
      explicitly with an -DSSL or -DMOD_SSL option. 
   
   *) ANSI C doesn't allow one to forward declare an array variable without
      specifying the actual array size. GCC didn't complain, but other vendor
      compilers (like /bin/cc under IRIX) do. This is now fixed by re-ordering
      the definitions in the code to make the forward declaration not
      necessary. 

   *) Let APACI adjust the port 443 to 8443 when installing under a non-root
      UID similar to what Apache already does with adjusting port 80 to 8080.

   *) Fix patch tool location for the situation where the user
      has to compile manually the stuff because of platforms errors.

   *) Incorporated changes from Apache-SSL 1.20 to 1.21:
      Was only a single register_cleanup -> ap_register_cleanup rename,
      because all other changes were either already in mod_ssl or will be done
      totally different with the next mod_ssl changes (for instance the
      logging stuff which gets replaced by a more improved version the next
      days - because Ben's idea to now log anything to Apache's error_log
      sounds not reasonable to me).

   *) Fixed variable arg usage in logging functions: va_end was missing.

  Changes with mod_ssl 2.0.2

   *) Make egrep arguments more safe because they failed under
      Solaris and other platforms. 

   *) Replaced basename() and dirname() functions in aux/patch/backupfile.c
      to avoid conflicts with glibc2's versions of these functions.

   *) Removed ssl.contrib/ssleay.diff because it was only needed
      for the temporary broken SSLeay 0.9.0b which was staying around on the
      net. 

   *) Now the sslcerts dir is created with permissions 755 and sslkeys 
      with 700 for security reasons.

   *) Now the FAQ inside the mod_ssl.html document has corresponding ToC
      entries. Additionally now the question "What is different between mod_ssl
      and Apache-SSL" is tried to be answered.  And a few hints were added on how
      to check HTTPS manually.

   *) Make the building of the 'patch' tool more robust by checking for
      success and providing a log of the failure. Additionally in case of
      problems the user now can use a --with-patch option to force the usage
      of a vendor patch program.

   *) Cleaned up the gcache stuff even more: reduced #includes
      to minimum and moved some stuff to the header file.

   *) Cleaned up the httpd.conf-dist entries for SSL.

   *) Cleanup mod_log_config.c patch and fixed %{version}c construct:
      It now says "SSLX" even under SSLeay 0.8.0.

   *) Misc. doc ajdustments: Fixed a few comment typos in apache.patch file;
      Added Announcement text as ANNOUNCE file to distribution; Fixed
      hyperlinks in mod_ssl.html document and added more useful hyperlinks to
      the README file.

   *) Replaced a lot of C constructs into shorthand defines to
      make the code even more readable and reviewable: 
      o ``strcmp ... == 0'' -> ``strEQ''
      o ``\0'' -> ``NUL''
      o ``ap_get_module_config(...)'' -> ``myXXConfig''
      o ``ap_overlay_tables'' -> ``cfgMergeTable''

   *) Fixed dependencies in src/modules/ssl/Makefile.tmpl

   *) Add Ben Laurie's copyright message to gcache sources, even when Ben
      missed it here. It's from Ben, so his copyright applies and credit has
      to be given. 

  Changes with mod_ssl 2.0.1

   *) Minor documentation updates.

   *) Now the ssl.patch/apache.diff file is named ssl.patch/apache.patch
      and contains descriptive annotations for each patches file. This way
      even the patches are easier reviewable.
 
   *) The configure patch was not 100% correct: The SSL has not to be
      disabled for --enable-module=most (where it should be enabled, of
      course). Instead it has to be disabled automatically for
      --enable-shared=max.
  
  Changes with mod_ssl 2.0.0
  
   *) Added "SSL library type" message to the configuration process
      to inform the user how we recognized the SSLeay location.
 
   *) Added support for conf/sslkeys/ directory both to configure
      script, Makefile.tmpl and default config files. Additionally now on
      "make install" the hash symlinks are created and a dummy server cert
      file is skipped.
 
   *) Fixed prop.sh script.
 
   *) Cleaned up mod_ssl.html document for release.
 
   *) Cleaned up the README file and added a situation report
      about the author conflict with Ben.
 
   *) Incorporated changes from Apache-SSL 1.19 to 1.20:
      - Do a cleanup before starting gcache.
      - Make gcache die when httpd dies. 
        This failing in previous versions appears to be a bug in Apache. 
      - Document the biz with passphrases and sleep.
      - Do Apache-SSL on inetd connections.
      ALL OTHER CHANGES BETWEEN APACHE-SSL 1.19 AND 1.20 WERE ALREADY DONE
      FOR MOD_SSL IN THE PAST BY Ralf S. Engelschall. Because it seems Ben
      just has drawn level Apache-SSL with the mod_ssl pre-release I sent to
      him last week.  Hmmmm...
 
   *) Minor cleanups to README and mod_ssl.html file.
 
   *) Now create the CHANGES.SSL in <apache>/src/ instead in <apache>/.
 
   *) Moved patch to a subdir aux/patch/ and added prop.sh for
      a visual process indicator while building the aux tools.
 
   *) Slightly fixed the configure scripts messages
 
   *) Added support for checking the Apache version: Now mod_ssl can
      only be applied to the correct matching Apache source tree.
 
   *) Added configurable support for mod_ssl version strings: Now
      a libssl.version file is created inside src/modules/ssl/ which holds
      the mod_ssl version. From this the libssl.module script creates a
      MOD_SSL_VERSION define holding the value as a string ("X.Y.Z") and a
      MOD_SSL define holding the value with a zero-spaced numerical value
      (XYYZZ). This way the mod_ssl received the string for the Server field
      and other modules can check against certain mod_ssl versions via #ifdef
      or more granular via #if MOD_SSL >= 20000 or whatever.
    
   *) Added support for named to SSLVerifyClient directive: Now the ogly
      numerical levels 0-2 are still valid but can be replaced by better
      readable names: "none", "optional", "require" and "optional_no_ca".
 
   *) Added Makefile for conf/sslcerts/ directory to keep <hash>.0 
      symlinks up-to-date.
 
   *) Translated the FAQ into HTML format and appended it to mod_ssl.html.
      Additionally I created a ca.sign script and a Makefile for sslcert/ in
      relation to the FAQ.
 
   *) Enhanced the logfile support: First I've converted nasty
      fprintf(stderr,..) to ap_log_error() variants. Second I've moved the
      fprintf(pConfig->fileLogfile,...) to ssl_log_own(pConfig,...) calls.
      And third error messages are now consistently prefixed with "mod_ssl:"
      and "SSLeay:" - dependend from which an error comes. And forth I've
      added the word "SSL" to a lot of messages to indicate that the
      SSL-relationship.  Additionally I removed doubled ERR_print_xxx calls.
  
   *) Cleanup up namespace by added lots of `static's, so only the
      module structure and the SSL_HOOK_xxx symbols are now exported.
 
   *) Fixed up Apache API structures for Apache 1.3: added MODULE_VAR_EXPORT
      for consistency and missing module structure dispatch pointers.
       
   *) Completely renamed the functions to use common prefixes which
      indicate their relationship and ordered the functions according to this
      relationship. Additionally a complete list of prototypes is now
      provided in mod_ssl.h. The order of functions now reflects the logical
      order when one wants to review the module: 1. API structures, 2. config
      handing, 3.  directive handling, 4. init functions, 5. API hooks, 6.
      internals, 7.  caching support, 8. logfile support and 9. utility
      functions.  Additionally I cleanup up the namespace of global data
      symbols: They now all have the prefix "_g": bFirstTime -> g_bFirstTime,
      szCacheServerPort -> g_szCacheServerPort, szCacheServerPath ->
      g_szCacheServerPath, s_pServer -> g_pServer.

   *) Now all stuff for SSLEay < 0.8.0 is removed because an #error was
      already given and there is now real need to support these versions any
      longer. As a consequence we now also could remove the CACHE_SESSIONS
      #ifdef mess because  this was enabled for >= 0.8.0 since a long time.

   *) Cleaned up the mess inside ap_config.h where TRUE, FALSE and BOOL
      where globally defined even when they were only used my mod_ssl.  Now
      all stuff mod_ssl needs is inside mod_ssl.h and not spread over the
      Apache sources without need. I've also cleaned up the "uchar"
      definition because this was defined only by coincidence. I've also
      replaced ugly return 0's with return FALSE and -1 by UNSET when the
      context was the one for UNSET (like for VerifyType). Additionally I
      replaced some incorrect declarations (extern uid_t ap_user_id) by
      including the correct header file (http_config_globals.h). In the same
      spirit for cleaness I've replaced the numerical filedescriptor numbers
      by the STDXX_FILENO aliases.

   *) Fixed a nasty bug: When a startup error occured an exit() was done.
      But an already started ssl_gcache program was not terminated because
      the exit() doesn't give Apache a chance to cleanup the pools (where the
      program is registered). Fixed by adding a bunch of ap_clear_pool()
      calls before the exit() calls. Additionally some more missing exit()'s
      were added to config checks. And last but not least a termination
      message is now created by ssl_gcache when it is terminated so one now
      see both the start and the termination of ssl_gcache program in the
      logfiles.
 
   *) Replaced various sprintf()'s by the more safe and correct ap_snprintf()
      variants. Same for fopen() and ap_pfopen() and other such functions.
 
   *) Prefixed all SSLeay function calls with __SSLeay to mark them
      for reviewing. I'm still not happy with this long and ugly reading
      prefix but need to use an initial one which doesn't conflict.
      Additionally I've then grep'ed out all __SSLeay prefixed symbols,
      sorted them by group and inserted them into a README which can help
      identifiying the used SSLeay API functions. The whole intent is
      just to make reviewing of the code more easier, because this is
      really important for security related sources.

   *) A lot of various minor cleanups and fixes: For instance I've corrected the
      directive descriptions, added some descriptive source comments, etc.
      Really to much of these minor cleanups to write them down, sorry.
 
   *) Added an FAQ file, assembled from some information found
      on www.apache-ssl.org

   *) Incorporated the changes between Apache-SSL 1.18-1.19
 
   *) Added back support for the old Apache 1.2 way of configuring and
      building by placing the SSL_BASE into src/Configuration.tmpl and
      providing steps in INSTALL, too.

   *) Added a complete Apache-style mod_ssl.html document which describes all
      mod_ssl directives in detail. I've also painted a nice mod_ssl logo out
      of the old mod_rewrite logo parts and a safety lock which secures the
      feather. The SSLeay logo is also part of the document to give credit.

   *) Added a `configure' frontend script for easy applying the mod_ssl
      source extension and patches to the Apache source tree. It also can
      replace APACI's configure script by running it in the background.
      Additionally a slightly changed GNU patch 2.1 tool is distributed under
      aux/ subdir to make sure the source patching works reliable because
      newer patches have problems with the apache.diff file and some systems
      have no "patch" at all.

   *) Split definitions from mod_ssl.c into own mod_ssl.h and converted all
      source files to the Apache coding styles to be consistent with the
      officially distributed Apache sources.
 
   *) Generation of a certificate is supported via top-level "make
      certificate" which correctly finds SSLeay both when SSLeay tree is the
      source tree or the installed tree.
 
   *) Added SSLNeedsSSL to config files and cleaned up the
      SSL-related stuff at the end of httpd.conf-dist.

   *) Out-of-the-box installation for a SSL-aware Apache is provided by
      automatically installing the certificate and the ssl_gcache program.
      Additionally the SSL-related directives in the extended httpd.conf file
      is adjusted, so one immediately can fire up an SSL-aware httpd.

   *) The name of the binary is now again "httpd" instead of the "httpsd"
      because "httpsd" reads ugly and confuses APACI. And there is no real
      need to distinguish between them, because one still can compile a
      standard Apache even after mod_ssl was applied to the Apache source
      tree. Or why isn't everybody using httppd just because mod_perl is
      built in? Bingo!
 
   *) Added Apache 1.3 Autoconf-style Interface (APACI) support to
      automatically enable the SSL module via --enable-module=ssl.  This also
      triggers the MOD_PERL define, so without this APACI option you still
      can build a standard Apache.

   *) Use the official Apache 1.3 way of adding strings to the
      HTTP Server header: via ap_add_version_component() instead of patching
      the defines in httpd.h.  Additionally it now creates a header like
      ``Server: Apache/1.3.1-dev (Unix) mod_ssl/2.0.0 SSLeay/0.9.0a'' i.e.
      SSLeay is part of the Server header. Because SSLeay's version is more
      important than mod_ssl's.

   *) Removed all broken parts in the original Ben-SSL patch, for instance
      incorrectly added newlines, incorrectly moved SecureWare, etc.

   *) Removed nasty terminal messages like "Skip first time initialization",
      "Launching ....", etc. These can be enabled in the future by using the
      ap_log_error stuff.

   *) Fixed incorrect log_ssl_info prototypes in mod_log_config.c from
      Ben-SSL patch and fixed minor other things.

   *) Cleaned up mod_ssl.c (formerly apache_ssl.c): removed unused variables
      mod_ssl.c, added prototypes, moved extern prototypes. Actually I've
      made it run quietly through ``gcc -Wall -Wshadow -Wpointer-arith
      -Wcast-align -Wmissing-prototypes -Wmissing-declarations
      -Wnested-externs -Winline'', etc.

   *) Renamed apache_ssl.c to mod_ssl.c for consistency and also
      to avoid problems inside APACI. Additionally the APACHE_SSL define was
      renamed to MOD_SSL which is also consistent which the behaviour of
      mod_perl which uses MOD_PERL.

   *) *GENESIS*: Based the complete code on Ben Laurie's latest Apache-SSL
      patch (Ben-SSL) version "apache_1.3.0+ssl_1.18". To avoid confusion and
      to show that its second generation stuff the mod_ssl version starts
      with 2.0.0. I've merged in all my previous work on Apache-SSL for
      Apache 1.3b, i.e. especially the APACI stuff.

