summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDonny Davies <woodchip@gentoo.org>2002-04-09 23:57:52 +0000
committerDonny Davies <woodchip@gentoo.org>2002-04-09 23:57:52 +0000
commitc88ee90f2a8f77b791713e30678756ecb1336b43 (patch)
tree756568f730f9c4a1cf87db5489e054dee3ef7c71 /net-www/mod_ssl
parentrewritten apache package; see changelog (diff)
downloadhistorical-c88ee90f2a8f77b791713e30678756ecb1336b43.tar.gz
historical-c88ee90f2a8f77b791713e30678756ecb1336b43.tar.bz2
historical-c88ee90f2a8f77b791713e30678756ecb1336b43.zip
add a healthy selection of third-party modules to go along with the great apache rewrite ;)
Diffstat (limited to 'net-www/mod_ssl')
-rw-r--r--net-www/mod_ssl/ChangeLog9
-rw-r--r--net-www/mod_ssl/files/digest-mod_ssl-2.8.81
-rw-r--r--net-www/mod_ssl/files/gentestcrt.sh242
-rw-r--r--net-www/mod_ssl/files/mod_ssl.conf69
-rw-r--r--net-www/mod_ssl/files/ssl.default-vhost.conf151
-rw-r--r--net-www/mod_ssl/mod_ssl-2.8.8.ebuild73
6 files changed, 545 insertions, 0 deletions
diff --git a/net-www/mod_ssl/ChangeLog b/net-www/mod_ssl/ChangeLog
new file mode 100644
index 000000000000..a1d518931a8a
--- /dev/null
+++ b/net-www/mod_ssl/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for net-www/mod_ssl
+# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/ChangeLog,v 1.1 2002/04/09 23:57:52 woodchip Exp $
+
+*mod_ssl-2.8.8 (9 Apr 2002)
+
+ 9 Apr 2002; Donny Davies <woodchip@gentoo.org> :
+
+ New package to go along with the rewritten apache ebuild.
diff --git a/net-www/mod_ssl/files/digest-mod_ssl-2.8.8 b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8
new file mode 100644
index 000000000000..a66efcbff2ff
--- /dev/null
+++ b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8
@@ -0,0 +1 @@
+MD5 a48e8b5878f221694983747e60973662 mod_ssl-2.8.8-1.3.24.tar.gz 752322
diff --git a/net-www/mod_ssl/files/gentestcrt.sh b/net-www/mod_ssl/files/gentestcrt.sh
new file mode 100644
index 000000000000..d1e9e11facd9
--- /dev/null
+++ b/net-www/mod_ssl/files/gentestcrt.sh
@@ -0,0 +1,242 @@
+#!/bin/sh
+##
+## gentestcrt -- Create self-signed test certificate
+## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
+## Based on cca.sh script by Ralf S. Engelschall
+##
+
+# external tools
+openssl="/usr/bin/openssl"
+
+# some optional terminal sequences
+case $TERM in
+ xterm|xterm*|vt220|vt220*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+ ;;
+ vt100|vt100*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+ ;;
+ default)
+ T_MD=''
+ T_ME=''
+ ;;
+esac
+
+# find some random files
+# (do not use /dev/random here, because this device
+# doesn't work as expected on all platforms)
+randfiles=''
+for file in /var/log/messages /var/adm/messages \
+ /kernel /vmunix /vmlinuz \
+ /etc/hosts /etc/resolv.conf; do
+ if [ -f $file ]; then
+ if [ ".$randfiles" = . ]; then
+ randfiles="$file"
+ else
+ randfiles="${randfiles}:$file"
+ fi
+ fi
+done
+
+
+echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
+echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
+echo "Based on cca.sh script by Ralf S. Engelschall"
+echo ""
+
+grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
+grep -q -s DUMMY server.key && mv server.key server.key.dummy
+
+echo ""
+echo ""
+
+if [ ! -e ./server.crt -a ! -e ./server.key ];then
+ echo "Will create server.key and server.crt in `pwd`"
+else
+ echo "server.key and server.crt already exist, dying"
+ exit
+fi
+
+echo ""
+
+
+mkdir -p /tmp/tmpssl-$$
+pushd /tmp/tmpssl-$$ > /dev/null
+
+
+ echo "${T_MD}INITIALIZATION${T_ME}"
+
+ echo ""
+ echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}"
+ cp /dev/null ca.rnd
+ echo '01' >ca.ser
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out ca.key 1024
+ else
+ $openssl genrsa -out ca.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = CA
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Quebec"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Montreal"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "For testing purposes only"
+commonName = "6. Common Name (eg, CA name) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@FQDN)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key ca.key -out ca.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:true,pathlen:0
+#nsComment = "CCA generated custom CA certificate"
+#nsCertType = sslCA
+EOT
+ $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in ca.crt
+ $openssl rsa -text -in ca.key
+
+ echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
+ user="server"
+
+ echo ""
+ echo "${T_MD}Generating custom USER${T_ME} [$user]"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}"
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out $user.key 1024
+ else
+ $openssl genrsa -out $user.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = XY
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Unknown"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Server Room"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "Test Certificate"
+commonName = "6. Common Name (eg, DOMAIN NAME) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key $user.key -out $user.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ rm -f .cfg
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:false,pathlen:0
+#nsComment = "CCA generated client certificate"
+#nsCertType = client
+EOT
+ $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate X.509 certificate" 1>&2
+ exit 1
+ fi
+ caname="`$openssl x509 -noout -text -in ca.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+ username="`$openssl x509 -noout -text -in $user.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+# echo "Assembling PKCS#12 package"
+# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify -CAfile ca.crt $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in $user.crt
+ $openssl rsa -text -in $user.key
+
+
+popd >/dev/null
+
+
+rm -f /tmp/tmpssl-$$/*.csr
+rm -f /tmp/tmpssl-$$/ca.*
+chmod 400 /tmp/tmpssl-$$/*
+
+echo "Certificate creation done!"
+cp /tmp/tmpssl-$$/server.* .
+
+rm -rf /tmp/tmpssl-$$
diff --git a/net-www/mod_ssl/files/mod_ssl.conf b/net-www/mod_ssl/files/mod_ssl.conf
new file mode 100644
index 000000000000..90ff9a0219d1
--- /dev/null
+++ b/net-www/mod_ssl/files/mod_ssl.conf
@@ -0,0 +1,69 @@
+<IfModule mod_ssl.c>
+
+##--------------------------------------------------------------------------
+## Add additional SSL configuration directives which provide a
+## robust default configuration: virtual server on port 443
+## which speaks SSL.
+##--------------------------------------------------------------------------
+##
+## SSL Support
+##
+## When we also provide SSL we have to listen to the
+## standard HTTP port (see above) and to the HTTPS port
+##
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First either `none'
+# or `dbm:/path/to/file' for the mechanism to use and
+# second the expiring timeout (in seconds).
+#SSLSessionCache none
+#SSLSessionCache dbm:logs/ssl_scache
+SSLSessionCache shm:logs/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual explusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex sem
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+# Logging:
+# The home of the dedicated SSL protocol logfile. Errors are
+# additionally duplicated in the general error log file. Put
+# this somewhere where it cannot be used for symlink attacks on
+# a real server (i.e. somewhere where only root can write).
+# Log levels are (ascending order: higher ones include lower ones):
+# none, error, warn, info, trace, debug.
+SSLLog logs/ssl_engine_log
+SSLLogLevel info
+
+</IfModule>
diff --git a/net-www/mod_ssl/files/ssl.default-vhost.conf b/net-www/mod_ssl/files/ssl.default-vhost.conf
new file mode 100644
index 000000000000..3f5edaec28c0
--- /dev/null
+++ b/net-www/mod_ssl/files/ssl.default-vhost.conf
@@ -0,0 +1,151 @@
+<IfModule mod_ssl.c>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host
+DocumentRoot /home/httpd/htdocs
+#ServerName new.host.name
+#ServerAdmin you@your.address
+ErrorLog logs/ssl-error_log
+TransferLog logs/ssl-access_log
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A test
+# certificate can be generated with `make certificate' under
+# built time.
+SSLCertificateFile conf/ssl/server.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file.
+SSLCertificateKeyFile conf/ssl/server.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile @@ServerRoot@@/conf/ssl/ssl.crt/ca.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+# Note: Inside SSLCACertificatePath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCACertificatePath @@ServerRoot@@/conf/ssl/ssl.crt
+#SSLCACertificateFile @@ServerRoot@@/conf/sssl/sl.crt/ca-bundle.crt
+
+# Certificate Revocation Lists (CRL):
+# Set the CA revocation path where to find CA CRLs for client
+# authentication or alternatively one huge file containing all
+# of them (file must be PEM encoded)
+# Note: Inside SSLCARevocationPath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCARevocationPath @@ServerRoot@@/conf/ssl/ssl.crl
+#SSLCARevocationFile @@ServerRoot@@/conf/ssl/ssl.crl/ca-bundle.crl
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# CompatEnvVars:
+# This exports obsolete environment variables for backward compatibility
+# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
+# to provide compatibility to existing CGI scripts.
+# StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+RewriteEngine On
+RewriteOptions inherit
+
+</VirtualHost>
+
+</IfModule>
diff --git a/net-www/mod_ssl/mod_ssl-2.8.8.ebuild b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild
new file mode 100644
index 000000000000..6f30bf4799ac
--- /dev/null
+++ b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Maintainer: Donny Davies <woodchip@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/mod_ssl-2.8.8.ebuild,v 1.1 2002/04/09 23:57:52 woodchip Exp $
+
+MY_P=${P}-1.3.24
+
+DESCRIPTION="An SSL module for the Apache Web server"
+HOMEPAGE="http://www.modssl.org"
+
+S=${WORKDIR}/${MY_P}
+SRC_URI="http://www.modssl.org/source/${MY_P}.tar.gz"
+
+DEPEND="virtual/glibc >=net-www/apache-1.3.24 >=dev-libs/openssl-0.9.6c"
+
+src_unpack() {
+ unpack ${A} ; cd ${S}
+ # proper path to openssl
+ cp pkg.contrib/cca.sh pkg.contrib/cca.sh.orig
+ sed -e 's%^\(openssl=\).*%\1"/usr/bin/openssl"%' \
+ pkg.contrib/cca.sh.orig > pkg.contrib/cca.sh
+}
+
+src_compile() {
+ SSL_BASE=SYSTEM \
+ ./configure \
+ --with-apxs=/usr/sbin/apxs || die "bad ./configure"
+ make || die "compile problem"
+}
+
+src_install() {
+ exeinto /usr/lib/apache-extramodules
+ doexe pkg.sslmod/libssl.so
+
+ exeinto /usr/lib/ssl/mod_ssl
+ doexe pkg.contrib/*.sh ${FILESDIR}/gentestcrt.sh
+
+ dodoc ANNOUNCE CHANGES CREDITS LICENSE NEWS README*
+ mkdir -p ${D}/usr/share/doc/${PF}/html
+ cp -a pkg.ssldoc/* ${D}/usr/share/doc/${PF}/html
+
+ insinto /etc/apache/conf/vhosts
+ doins ${FILESDIR}/ssl.default-vhost.conf
+
+ insinto /etc/apache/conf/addon-modules
+ doins ${FILESDIR}/mod_ssl.conf
+}
+
+pkg_postinst() {
+ install -d -o root -g root -m0755 ${ROOT}/etc/apache/conf/ssl
+
+ einfo
+ einfo "Execute ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
+ einfo "to have your apache.conf auto-updated for use with this module."
+ einfo "You should then edit your /etc/conf.d/apache file to suit."
+ einfo
+
+ cd ${ROOT}/etc/apache/conf/ssl
+ einfo "Generating self-signed test certificate in /etc/apache/conf/ssl..."
+ einfo "(Ignore any message from the yes command below)"
+ yes "" | ${ROOT}/usr/lib/ssl/mod_ssl/gentestcrt.sh >/dev/null 2>&1
+ einfo
+}
+
+pkg_config() {
+ ${ROOT}/usr/sbin/apacheaddmod \
+ ${ROOT}/etc/apache/conf/apache.conf \
+ extramodules/libssl.so mod_ssl.c ssl_module \
+ define=SSL addconf=conf/addon-modules/mod_ssl.conf
+
+ echo "Include conf/vhosts/ssl.default-vhost.conf" \
+ >> ${ROOT}/etc/apache/conf/apache.conf
+}