pkgsrc/www/ap-ssl/MESSAGE

===========================================================================
$NetBSD: MESSAGE,v 1.4 2002/11/19 23:03:53 jlam Exp $

You will need to generate certificates and keys for your server before
Apache will start with mod_ssl support.  Please read

	${PREFIX}/share/doc/mod_ssl/README.mkcert

for more information on how to do this.

The SSL-specific configuration parts of the default httpd.conf are
bracketed by:

  <IfDefine SSL>
  </IfDefine>

In order to start Apache with mod_ssl support, you need to run Apache
with "apachectl startssl" instead of "apachectl start".  This may be done
by adding:

	apache=YES
	apache_start="startssl"

to /etc/rc.conf.

===========================================================================
Complete standardization of messages according to latest pkglint. 2002-09-24 14:29:55 +02:00			`===========================================================================`
Bump PKGREVISION of ap-ssl: no longer install apache_start.conf; Apache/SSL users should just add: apache_start="startssl" to /etc/rc.conf. 2002-11-20 00:03:53 +01:00			$NetBSD: MESSAGE,v 1.4 2002/11/19 23:03:53 jlam Exp $
Update Apache and mod_ssl using new build layout (see post to tech-pkg for details). No security fixes in Apache 1.3.3, so immediate upgrade from 1.3.2 is not necessary. 1998-12-03 18:22:01 +01:00
Update ap-ssl to 2.6.6. Important fixes for memory leaks and segfaults. Also make me the maintainer. Relevant changes from version 2.6.3: -) Install ${sbindir}/mkcert.sh to ease generation of SSL certificates. ) Fixed server restarts: Under non-DSO run-time situation, the OpenSSL library was shutdown (and never re-initialized) and this way caused segfaults on server restarts. This affected only installations where mod_ssl+OpenSSL were built as a static module instead of a DSO. This nasty bug was unfortunately introduced in 2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix. ) Various typo fixes in user manual. ) Removed more memory leaks by freeing even more stuff from the OpenSSL toolkit on module shutdown. ) Added missing TLSv1, EXP40 and EXP56 keywords to ssl_reference's documentation of SSLCipherSuite. ) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.) to the FAQ entry about MSIE errors. ) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid MSIE5.x problems in advance. ) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments which is especially important for the Win32 environment. ) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all" ) Removed a left-over ssl_scache_expire() call in ssl_scache_init() which made the life of vendors complicated. ) Allow more fine-tuned overriding of ap_server_root_relative calls by providing the context of the call. ) Added Equifax Secure CA certificates to ca-bundle.crt. ) Let the pass phrase dialog force the prompt to occur only once (no verification step), because mod_ssl uses the dialog only for pass phrases which are required for reading private keys. This as a side-effect should fix a problem under Win32 where a second prompt occured for unknown reasons. ) Added more compatibility to Stronghold v2's SSL_SessionCache. ) Added two more EAPI hools under SSL_VENDOR: one for overriding ap_server_root_relative calls and one for hooking into the server configuration step. ) Fixed SSL display for mod_status in `short report' situation. ) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL. 2000-09-12 16:05:16 +02:00			`You will need to generate certificates and keys for your server before`
			`Apache will start with mod_ssl support. Please read`

Add automatic ${VARIABLE} handling for MESSAGE files. Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @VARIABLE@, nor @@VARIABLE@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs. 2001-01-29 12:34:21 +01:00			`${PREFIX}/share/doc/mod_ssl/README.mkcert`
Update ap-ssl to 2.6.6. Important fixes for memory leaks and segfaults. Also make me the maintainer. Relevant changes from version 2.6.3: -) Install ${sbindir}/mkcert.sh to ease generation of SSL certificates. ) Fixed server restarts: Under non-DSO run-time situation, the OpenSSL library was shutdown (and never re-initialized) and this way caused segfaults on server restarts. This affected only installations where mod_ssl+OpenSSL were built as a static module instead of a DSO. This nasty bug was unfortunately introduced in 2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix. ) Various typo fixes in user manual. ) Removed more memory leaks by freeing even more stuff from the OpenSSL toolkit on module shutdown. ) Added missing TLSv1, EXP40 and EXP56 keywords to ssl_reference's documentation of SSLCipherSuite. ) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.) to the FAQ entry about MSIE errors. ) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid MSIE5.x problems in advance. ) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments which is especially important for the Win32 environment. ) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all" ) Removed a left-over ssl_scache_expire() call in ssl_scache_init() which made the life of vendors complicated. ) Allow more fine-tuned overriding of ap_server_root_relative calls by providing the context of the call. ) Added Equifax Secure CA certificates to ca-bundle.crt. ) Let the pass phrase dialog force the prompt to occur only once (no verification step), because mod_ssl uses the dialog only for pass phrases which are required for reading private keys. This as a side-effect should fix a problem under Win32 where a second prompt occured for unknown reasons. ) Added more compatibility to Stronghold v2's SSL_SessionCache. ) Added two more EAPI hools under SSL_VENDOR: one for overriding ap_server_root_relative calls and one for hooking into the server configuration step. ) Fixed SSL display for mod_status in `short report' situation. ) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL. 2000-09-12 16:05:16 +02:00
			`for more information on how to do this.`

Bump PKGREVISION of ap-ssl: no longer install apache_start.conf; Apache/SSL users should just add: apache_start="startssl" to /etc/rc.conf. 2002-11-20 00:03:53 +01:00			`The SSL-specific configuration parts of the default httpd.conf are`
			`bracketed by:`
Update Apache and mod_ssl using new build layout (see post to tech-pkg for details). No security fixes in Apache 1.3.3, so immediate upgrade from 1.3.2 is not necessary. 1998-12-03 18:22:01 +01:00
			`<IfDefine SSL>`
			`</IfDefine>`

Bump PKGREVISION of ap-ssl: no longer install apache_start.conf; Apache/SSL users should just add: apache_start="startssl" to /etc/rc.conf. 2002-11-20 00:03:53 +01:00			`In order to start Apache with mod_ssl support, you need to run Apache`
			`with "apachectl startssl" instead of "apachectl start". This may be done`
			`by adding:`

			`apache=YES`
			`apache_start="startssl"`

			`to /etc/rc.conf.`

Complete standardization of messages according to latest pkglint. 2002-09-24 14:29:55 +02:00			`===========================================================================`